Security challenge assisted password proxy
Abstract
Systems, apparatus, and methods of authentication utilizing contextual data to authenticate individuals and prevent security breaches are described herein. An example proxy engine may monitor interactions with a computing device to obtain contextual data unique to a user. The contextual data may be utilized to generate unique challenge questions in response to requests for access to a secure resource, and may eliminate the need for a user to remember credentials to access the resource. Challenge questions may be limited to a single use and vary in difficulty in proportion to the value of the resource. In response to correct responses to challenge question(s), the proxy engine may access a vault containing a credential authorizing access to the resource. The vault and proxy engine may be entirely contained on the computing device or they may be implemented on a remote apparatus accessed via an application or interface on the computing device.
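The flow the abstract describes, sketched as an added example that is not code from the patent or its assignee. All names (`ProxyEngine`, `request_access`, `respond`, the sample context records) are hypothetical, the vault is a plain dict standing in for the encrypted credential store, and the number of questions is assumed to equal the resource's security level.

```python
import hmac
import secrets

# Constructed sample context records: (source, question, answer).
CONTEXT = [
    ("calendar", "Who did you meet at 10:00 yesterday?", "Dana"),
    ("location", "Which city were you in last Friday?", "Lisbon"),
    ("activity", "What exercise did you log this morning?", "Cycling"),
]

def _norm(text):
    # Case- and whitespace-insensitive form used for answer comparison.
    return " ".join(text.lower().split()).encode()

class ProxyEngine:
    def __init__(self, vault, context):
        self.vault = vault        # resource -> (security_level, credential)
        self.context = list(context)
        self.pending = {}         # challenge id -> (resource, expected answers)
        self.used = set()         # questions already issued; never reissued

    def request_access(self, resource):
        level, _ = self.vault[resource]
        fresh = [c for c in self.context if c[1] not in self.used]
        if len(fresh) < level:
            raise RuntimeError("not enough unused contextual data")
        picked = fresh[:level]    # more valuable resource, more questions
        self.used.update(q for _, q, _ in picked)
        cid = secrets.token_hex(8)
        self.pending[cid] = (resource, [a for _, _, a in picked])
        return cid, [q for _, q, _ in picked]

    def respond(self, cid, answers):
        # pop() consumes the challenge whether the response is right or wrong.
        entry = self.pending.pop(cid, None)
        if entry is None or len(answers) != len(entry[1]):
            return None
        resource, expected = entry
        ok = True
        for given, want in zip(answers, expected):
            # Constant-time compare; keep checking after a mismatch.
            ok &= hmac.compare_digest(_norm(given), _norm(want))
        return self.vault[resource][1] if ok else None
```

A wrong or replayed response returns `None`, and the caller has to request a new challenge, which draws on context that has not been asked about before.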
20 Claims
1. At least one non-transitory machine readable storage medium comprising a plurality of instructions for contextual authentication that, responsive to being executed with processor circuitry of a computing device, cause the computing device to:
- process a contextual data set for a human user, the contextual data set including at least two of: activity data collected from an activity sensor of the computing device, event data collected from a calendar data source of the computing device, and location data collected from a location sensor of the computing device;
- process a request for access to a secured resource received via a user interface of the computing device;
- determine a security level of a credential stored in a set of encrypted user credentials;
- generate a textual challenge question and a textual challenge answer based on at least two of: activity characteristics of the human user indicated in the activity data, event characteristics of an event involving the human user indicated in the event data, or location characteristics of the human user indicated in the location data;
- provide the textual challenge question for output in the user interface of the computing device;
- evaluate a response to the textual challenge question received via the user interface of the computing device, wherein the response is evaluated against the textual challenge answer to determine a correct response status or an incorrect response status; and
- provide the credential to the secured resource responsive to the correct response status.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method for contextual authentication, comprising electronic operations performed with processor circuitry of a computing system, the electronic operations comprising:
- obtaining user interaction data from a plurality of user activities performed with a user interface of a computing device;
- obtaining contextual data that includes at least two of: activity data collected from an activity sensor of the computing device, event data collected from a calendar data source of the computing device, and location data collected from a location sensor of the computing device;
- determining a security level of a credential stored in a set of encrypted user credentials;
- generating, responsive to a request for access to the credential in the set of user credentials, a textual challenge question and a textual challenge answer based on the user interaction data, the contextual data, and the security level;
- display, in the user interface of the computing device, the textual challenge question;
- receive a response to the textual challenge question from a user, via the user interface;
- evaluating the response to the textual challenge question against the textual challenge answer to determine whether the response to the textual challenge question is correct; and
- transmitting the credential to a secure resource over a network responsive to determining that the response to the textual challenge question is correct.
Dependent claims: 13, 14, 15, 16, 17
18. A computing device, comprising:
- a sensor adapted to obtain contextual data based on user activity with the computing device, wherein the contextual data includes activity data collected from the sensor and event data collected from a calendar data source of the computing device;
- a data store adapted to store the contextual data;
- a memory adapted to provide a secure password vault to store a set of encrypted user credentials; and
- processor circuitry adapted to execute a plurality of instructions to implement:
  - a user interface adapted to receive a request for a secure resource;
  - a proxy interface adapted to intercept the request for the secure resource received by the user interface; and
  - a proxy engine adapted to monitor the calendar data source and the sensor, the proxy engine adapted to store the contextual data in the data store wherein, responsive to the request for the secure resource intercepted by the proxy interface, the proxy engine is adapted to:
    - determine a security value of the secure resource;
    - generate a textual challenge question and a textual challenge answer based on the contextual data in the data store, the textual challenge question being presented via the proxy interface;
    - generate an additional textual challenge question and an additional textual challenge answer, responsive to the security value being greater than a set security level, the additional textual challenge question and additional textual answer based on the contextual data in the data store;
    - prevent access to the secure resource until a correct answer to the textual challenge question and the additional textual challenge question is received; and
    - transmit a credential that corresponds to the secure resource, from the set of encrypted user credentials, to the secure resource.
Dependent claims: 19, 20
Specification