Reducing authentication confidence over time based on user history

US 9,590,966 B2
Filed: 03/15/2013
Issued: 03/07/2017
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. An apparatus, the apparatus comprising:

at least one processor;

at least one memory; and

at least a set of executable instructions stored within the memory, wherein the executable instructions, when executed by the at least one processor, are to;

detect a triggering event that indicates a new decay rate is to be calculated;

identify a beginning time and an ending time associated with an interval of time during an active user session on a client device associated with a user, wherein the beginning time is to indicate a first absolute session time measured from a start of the active user session to a last positive authentication of the active user session, and wherein the ending time is to indicate a second absolute session time measured from the start of the active user session to a later time occurring after the last positive authentication;

determine a first value based, at least in part, on a first number of prior user sessions of a first subset of a set of prior user sessions that are no longer active, wherein a session length of each of the prior user sessions of the first subset was at least as long as the beginning time;

determine a second value based, at least in part, on a second number of prior user sessions of a second subset of the set of prior user sessions, wherein a session length of each of the prior user sessions of the second subset was at least as long as the ending time;

determine a decay rate for a current authentication confidence score by dividing the second value by the first value; and

determine an updated authentication confidence score by multiplying the current authentication confidence score by the decay rate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.

Citations

21 Claims

1. An apparatus, the apparatus comprising:
- at least one processor;
  
  at least one memory; and
  
  at least a set of executable instructions stored within the memory, wherein the executable instructions, when executed by the at least one processor, are to;
  
  detect a triggering event that indicates a new decay rate is to be calculated;
  
  identify a beginning time and an ending time associated with an interval of time during an active user session on a client device associated with a user, wherein the beginning time is to indicate a first absolute session time measured from a start of the active user session to a last positive authentication of the active user session, and wherein the ending time is to indicate a second absolute session time measured from the start of the active user session to a later time occurring after the last positive authentication;
  
  determine a first value based, at least in part, on a first number of prior user sessions of a first subset of a set of prior user sessions that are no longer active, wherein a session length of each of the prior user sessions of the first subset was at least as long as the beginning time;
  
  determine a second value based, at least in part, on a second number of prior user sessions of a second subset of the set of prior user sessions, wherein a session length of each of the prior user sessions of the second subset was at least as long as the ending time;
  
  determine a decay rate for a current authentication confidence score by dividing the second value by the first value; and
  
  determine an updated authentication confidence score by multiplying the current authentication confidence score by the decay rate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus of claim 1, wherein the executable instructions, when executed by the at least one processor, are to:
    - reduce the authentication confidence score based on the decay rate.
  - 3. The apparatus of claim 1, wherein the interval of time is to occur before the active user session terminates.
  - 4. The apparatus of claim 1, wherein a session length mapping includes session length data for each one of the prior user sessions of the set, wherein the session length mapping includes the first and second values mapped to the beginning and ending times, respectively.
  - 5. The apparatus of claim 4, wherein the executable instructions, when executed by the at least one processor, are to:
    - update the session length mapping to include session length data of the active user session when the active user session terminates.
  - 6. The apparatus of claim 1, wherein the prior user sessions of the set are distinguished from other prior user sessions by one or more context attributes.
  - 7. The apparatus of claim 6, wherein the one or more context attributes include at least one of:
    - a time of day, a day of a period of days, a location of the client device, a position of the client device, a type of document being accessed, a type of application being executed, weather, ambient light, a network to which the client device is connected, or a device to which the client device is connected.
  - 8. The apparatus of claim 6, wherein the active user session of the client device is distinguished from the other prior user sessions by the one or more context attributes.
  - 9. The apparatus of claim 1, wherein the prior user sessions of the set are distinguished from other prior user sessions by a first context attribute, and wherein at least some of the other prior user sessions are distinguished by a second context attribute.
  - 10. The apparatus of claim 1, wherein the first and second values are percentages or absolute numbers.
  - 11. The apparatus of claim 1, wherein none of the prior user sessions of the set was established on the client device.
  - 12. The apparatus of claim 1, wherein at least some of the prior user sessions of the set were established on the client device.

13. At least one non-transitory machine readable storage medium having instructions stored thereon, the instructions when executed by a processor cause the processor to:
- detect a triggering event that indicates a new decay rate is to be calculated;
  
  identify a beginning time and an ending time associated with an interval of time during an active user session on a client device associated with a user, wherein the beginning time is to indicate a first absolute session time measured from a start of the active user session to a last positive authentication of the active user session, and wherein the ending time is to indicate a second absolute session time measured from the start of the active user session to a later time after the last positive authentication;
  
  determine a first value based, at least in part, on a first number of prior user sessions of a first subset of a set of prior user sessions that are no longer active, wherein a session length of each of the prior user sessions of the first subset was at least as long as the beginning time;
  
  determine a second value based, at least in part, on a second number of prior user sessions of a second subset of the set of prior user sessions, wherein a session length of each of the prior user sessions of the second subset was at least as long as the ending time;
  
  determine a decay rate for a current authentication confidence score by dividing the second value by the first value; and
  
  determine an updated authentication confidence score by multiplying the current authentication confidence score by the decay rate.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The at least one non-transitory machine readable storage medium of claim 13, wherein the instructions when executed by the processor further cause the processor to:
    - reduce the authentication confidence score based on the decay rate.
  - 15. The at least one non-transitory machine readable storage medium of claim 13, wherein a session length mapping includes session length data for each one of the prior user sessions of the set, wherein the session length mapping includes the first and second values mapped to the beginning and ending times, respectively.
  - 16. The at least one non-transitory machine readable storage medium of claim 15, wherein the instructions when executed by the processor further cause the processor to:
    - update the session length mapping to include session length data of the active user session when the active user session terminates.
  - 17. The at least one non-transitory machine readable storage medium of claim 13, wherein the prior user sessions of the set are distinguished from other prior user sessions by one or more context attributes.
  - 18. The at least one non-transitory machine readable storage medium of claim 17, wherein the one or more context attributes include at least one of:
    - a time of day, a day of a period of days, a location of the client device, a position of the client device, a type of document being accessed, a type of application being executed, weather, ambient light, a network to which the client device is connected, or a device to which the client device is connected.
  - 19. The at least one non-transitory machine readable storage medium of claim 13, wherein the first and second values are percentages or absolute numbers.

20. A method, comprising:
- detecting a triggering event that indicates a new decay rate is to be calculated;
  
  identifying a beginning time and an ending time associated with an interval of time during an active user session on a client device associated with a user, wherein the beginning time indicates a first absolute session time measured from a start of the active user session to a last positive authentication of the active user session, and wherein the ending time indicates a second absolute session time measured from the start of the active user session to a later time occurring after the last positive authentication;
  
  determining a first value based, at least in part, on a first number of prior user sessions of a first subset of a set of prior user sessions that are no longer active, wherein a session length of each of the prior user sessions of the first subset was at least as long as the beginning time;
  
  determining a second value based, at least in part, on a second number of prior user sessions of a second subset of the set of prior user sessions, wherein a session length of each of the prior user sessions of the second subset was at least as long as the ending time;
  
  determining a decay rate for a current authentication confidence score by dividing the second value by the first value; and
  
  determining an updated authentication confidence score by multiplying the current authentication confidence score by the decay rate.
- View Dependent Claims (21)
- - 21. The method of claim 20, wherein the prior user sessions of the set are distinguished from other prior user sessions by one or more context attributes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Sheller, Micah, Cahill, Conor, Martin, Jason, Baker, Brandon
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
GRACIA, GARY S

Application Number

US13/840,572
Publication Number

US 20140282893A1
Time in Patent Office

1,453 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/57   Certifying or maintaining t...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

H04L 63/08   for authentication of entit...

Reducing authentication confidence over time based on user history

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Reducing authentication confidence over time based on user history

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links