Reducing authentication confidence over time based on user history

US 9,762,566 B2
Filed: 01/30/2017
Issued: 09/12/2017
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine readable storage medium comprising instructions stored thereon, the instructions when executed by at least one processor cause the at least one processor to:

identify a first absolute session time and a second absolute session time associated with an active user session on a client device associated with a user, wherein the first absolute session time corresponds to an amount of time measured from a start of the active user session to a last positive authentication of the active user session, wherein the second absolute session time corresponds to another amount of time measured from the start of the active user session to a later time occurring after the last positive authentication; and

calculate an updated authentication confidence score, the updated authentication confidence score corresponding to a result that equals a current authentication confidence score multiplied by a decay rate, wherein the decay rate equals a second value representing a second subset of a set of prior user sessions divided by a first value representing a first subset of the set of prior user sessions, wherein each prior user session of the first subset lasted at least as long as the first absolute session time, and wherein each prior user session of the second subset lasted at least as long as the second absolute session time.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.

56 Citations

20 Claims

1. At least one non-transitory machine readable storage medium comprising instructions stored thereon, the instructions when executed by at least one processor cause the at least one processor to:
- identify a first absolute session time and a second absolute session time associated with an active user session on a client device associated with a user, wherein the first absolute session time corresponds to an amount of time measured from a start of the active user session to a last positive authentication of the active user session, wherein the second absolute session time corresponds to another amount of time measured from the start of the active user session to a later time occurring after the last positive authentication; and
  
  calculate an updated authentication confidence score, the updated authentication confidence score corresponding to a result that equals a current authentication confidence score multiplied by a decay rate, wherein the decay rate equals a second value representing a second subset of a set of prior user sessions divided by a first value representing a first subset of the set of prior user sessions, wherein each prior user session of the first subset lasted at least as long as the first absolute session time, and wherein each prior user session of the second subset lasted at least as long as the second absolute session time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The at least one non-transitory machine readable storage medium of claim 1, wherein a session length mapping includes session length data for each prior user session of the set of prior user sessions, wherein a session length mapping includes the first value and the second value mapped to the first absolute session time and the second absolute session time, respectively.
  - 3. The at least one non-transitory machine readable storage medium of claim 2, wherein the instructions, when executed by the at least one processor, are to:
    - update the session length mapping to include new session length data of the active user session based on the active user session terminating.
  - 4. The at least one non-transitory machine readable storage medium of claim 1, wherein one or more prior user sessions of the set are distinguished from other prior user sessions of the set by one or more context attributes.
  - 5. The at least one non-transitory machine readable storage medium of claim 4, wherein the one or more context attributes include at least one of:
    - a time of day, a day of a period of days, a location of the client device, a position of the client device, a type of document being accessed, a type of application being executed, weather, ambient light, a network to which the client device is connected, or a device to which the client device is connected.
  - 6. The at least one non-transitory machine readable storage medium of claim 1, wherein the first and second values are percentages or absolute numbers.
  - 7. The at least one non-transitory machine readable storage medium of claim 1, wherein each of the prior user sessions of the set is associated with the user.
  - 8. The at least one non-transitory machine readable storage medium of claim 1, wherein the instructions, when executed by the at least one processor, further cause the at least one processor to detect a triggering event prior to calculating the updated authentication confidence score.
  - 9. The at least one non-transitory machine readable storage medium of claim 8, wherein the triggering event is based on an occurrence of:
    - an authentication engine requesting the decay rate based on a current absolute session time of the active user session;
      
      oran expiration of a predetermined interval of time.
  - 10. The at least one non-transitory machine readable storage medium of claim 1, wherein the second absolute session time corresponds to a current session time of the active user session or to a future session time of the active user session.
  - 11. The at least one non-transitory machine readable storage medium of claim 1, wherein the last positive authentication corresponds to a last session time during the active user session at which the authentication confidence score was updated.
  - 12. The at least one non-transitory machine readable storage medium of claim 1, wherein the last positive authentication corresponds to a last session time during the active user session at which the authentication confidence score was at least partially restored based on other information indicating the user was present.

13. A system, the system comprising:
- at least one processor coupled to a memory element; and
  
  an authentication engine comprising instructions stored in the memory element that when executed by the at least one processor are to;
  
  identify a first absolute session time and a second absolute session time associated with an active user session on a client device associated with a user, wherein the first absolute session time corresponds to an amount of time measured from a start of the active user session to a last positive authentication of the active user session, wherein the second absolute session time corresponds to another amount of time measured from the start of the active user session to a later time occurring after the last positive authentication; and
  
  calculate an updated authentication confidence score, the updated authentication confidence score corresponding to a result that equals a current authentication confidence score multiplied by a decay rate, wherein the decay rate equals a second value representing a second subset of a set of prior user sessions divided by a first value representing a first subset of the set of prior user sessions, wherein each prior user session of the first subset lasted at least as long as the first absolute session time, and wherein each prior user session of the second subset lasted at least as long as the second absolute session time.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, wherein a session length mapping includes session length data for each prior user session of the set of prior user sessions, wherein a session length mapping includes the first value and the second value mapped to the first absolute session time and the second absolute session time, respectively.
  - 15. The system of claim 14, wherein the instructions, when executed by the at least one processor, are to:
    - update the session length mapping to include new session length data of the active user session based on the active user session terminating.
  - 16. The system of claim 13, wherein one or more prior user sessions of the set are distinguished from other prior user sessions of the set by one or more context attributes.
  - 17. The system of claim 13, wherein the last positive authentication corresponds to a last session time during the active user session at which the authentication confidence score was updated.

18. A method, comprising:
- identifying a first absolute session time and a second absolute session time associated with an active user session on a client device associated with a user, wherein the first absolute session time corresponds to an amount of time measured from a start of the active user session to a last positive authentication of the active user session, wherein the second absolute session time corresponds to another amount of time measured from the start of the active user session to a later time occurring after the last positive authentication; and
  
  calculating an updated authentication confidence score, the updated authentication confidence score corresponding to a result that equals a current authentication confidence score multiplied by a decay rate, wherein the decay rate equals a second value representing a second subset of a set of prior user sessions divided by a first value representing a first subset of the set of prior user sessions, wherein each prior user session of the first subset lasted at least as long as the first absolute session time, and wherein each prior user session of the second subset lasted at least as long as the second absolute session time.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein one or more prior user sessions of the set are distinguished from other prior user sessions of the set by one or more context attributes.
  - 20. The method of claim 18, wherein the second absolute session time corresponds to a current session time of the active user session or to a future session time of the active user session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Sheller, Micah, Cahill, Conor, Martin, Jason, Baker, Brandon
Primary Examiner(s)
GRACIA, GARY S

Application Number

US15/419,447
Publication Number

US 20170142089A1
Time in Patent Office

225 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/57   Certifying or maintaining t...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

H04L 63/08   for authentication of entit...

Reducing authentication confidence over time based on user history

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Reducing authentication confidence over time based on user history

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links