Security challenge assisted password proxy

US 9,794,228 B2
Filed: 11/05/2015
Issued: 10/17/2017
Est. Priority Date: 03/05/2013
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine readable storage medium comprising a plurality of instructions for contextual authentication that, responsive to being executed with processor circuitry of a computing device, cause the computing device to:

process a contextual data set for a human user, the contextual data set including at least two of;

activity data collected from an activity sensor of the computing device, event data collected from a calendar data source of the computing device, and location data collected from a location sensor of the computing device;

process a request for access to a secured resource received via a user interface of the computing device;

determine a security level of a credential stored in a set of encrypted user credentials;

generate a textual challenge question and a textual challenge answer based on at least two of;

activity characteristics of the human user indicated in the activity data, event characteristics of an event involving the human user indicated in the event data, or location characteristics of the human user indicated in the location data;

provide the textual challenge question for output in the user interface of the computing device;

evaluate a response to the textual challenge question received via the user interface of the computing device, wherein the response is evaluated against the textual challenge answer to determine a correct response status or an incorrect response status; and

provide the credential to the secured resource responsive to the correct response status.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, apparatus, and methods of authentication utilizing contextual data to authenticate individuals and prevent security breaches are described herein. An example proxy engine may monitor interactions with a computing device to obtain contextual data unique to a user. The contextual data may be utilized to generate unique challenge questions in response to requests for access to a secure resource, and may eliminate the need for a user to remember credentials to access the resource. Challenge questions may be limited to a single use and vary in difficulty in proportion to the value of the resource. In response to correct responses to challenge question(s), the proxy engine may access a vault containing a credential authorizing access to the resource. The vault and proxy engine may be entirely contained on the computing device or they may be implemented on a remote apparatus accessed via an application or interface on the computing device.

Citations

20 Claims

1. At least one non-transitory machine readable storage medium comprising a plurality of instructions for contextual authentication that, responsive to being executed with processor circuitry of a computing device, cause the computing device to:
- process a contextual data set for a human user, the contextual data set including at least two of;
  
  activity data collected from an activity sensor of the computing device, event data collected from a calendar data source of the computing device, and location data collected from a location sensor of the computing device;
  
  process a request for access to a secured resource received via a user interface of the computing device;
  
  determine a security level of a credential stored in a set of encrypted user credentials;
  
  generate a textual challenge question and a textual challenge answer based on at least two of;
  
  activity characteristics of the human user indicated in the activity data, event characteristics of an event involving the human user indicated in the event data, or location characteristics of the human user indicated in the location data;
  
  provide the textual challenge question for output in the user interface of the computing device;
  
  evaluate a response to the textual challenge question received via the user interface of the computing device, wherein the response is evaluated against the textual challenge answer to determine a correct response status or an incorrect response status; and
  
  provide the credential to the secured resource responsive to the correct response status.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The machine readable storage medium of claim 1, wherein the user interface of the computing device is a graphical user interface, the plurality of instructions further including instructions that cause the computing device to:
    - collect the activity data from the activity sensor of the computing device;
      
      receive the request for access to the secured resource in the graphical user interface;
      
      display the challenge question in the graphical user interface; and
      
      receive the response to the textual challenge question in the graphical user interface;
      
      wherein the instructions that provide the credential to the secured resource cause the computing device to transmit the credential to the secured resource via a network connection.
  - 3. The machine readable storage medium of claim 1, the plurality of instructions further including instructions that cause the computing device to:
    - maintain a timer for a period of time, during which the response to the textual challenge question can be received via the user interface.
  - 4. The machine readable storage medium of claim 1, the plurality of instructions further including instructions that cause the computing device to:
    - maintain the credential in an encrypted proxy vault on the computing device, wherein the credential corresponds to authentication information for the secured resource.
  - 5. The machine readable storage medium of claim 4, wherein the credential that corresponds to authentication information for the secured resource includes a username and password combination that is maintained in the encrypted proxy vault.
  - 6. The machine readable storage medium of claim 1, the plurality of instructions further including instructions that cause the computing device to:
    - determine a security value of the secure resource associated with the credential;
      
      generate an additional textual challenge question and an additional textual challenge answer, responsive to the security value being greater than a set security level, the additional textual challenge question and textual challenge answer based on at least two of;
      
      additional activity characteristics of the human user indicated in the activity data, additional event characteristics of an event involving the human user indicated in the event data, or additional location characteristics of the human user indicated in the location data; and
      
      evaluate a second response to the additional textual challenge question received via the user interface of the computing device, wherein the second response is evaluated against the additional textual challenge answer to determine a correct second response status or an incorrect second response status;
      
      wherein the credential is provided to the secured resource responsive to a determination of both of the correct response status and the correct second response status.
  - 7. The machine readable storage medium of claim 1. the plurality of instructions further including instructions that cause the computing device to:
    - request a username and password combination via the user interface responsive to the incorrect response status.
  - 8. The machine readable storage medium of claim 1, the plurality of instructions further including instructions that cause the computing device to:
    - monitor a user activity performed in the user interface of the computing device, the contextual data set further including activity data collected from the user activity performed in the user interface of the computing device.
  - 9. The machine readable storage medium of claim 8, wherein the instructions to cause the computing device to monitor user activity performed in the user interface of the computing device results in an access of at least one of:
    - a calendar database, an e-mail communication, a text message, data indicating a geographic location of the computing device, audio signals from a microphone, web browsing history, social network interactions, or a list of user contacts.
  - 10. The machine readable storage medium of claim 1, wherein the secured resource includes at least one of:
    - a bank website, a financial institution portal, an educational institution, a government service, a social network, an e-mail service, a media outlet, a gaming environment, a virtual reality system, or a massive role-playing game.
  - 11. The machine readable storage medium of claim 1, the plurality of instructions further including instructions that cause the computing device to:
    - generate the textual challenge question based on personal data stored on the computing device.

12. A method for contextual authentication, comprising electronic operations performed with processor circuitry of a computing system, the electronic operations comprising:
- obtaining user interaction data from a plurality of user activities performed with a user interface of a computing device;
  
  obtaining contextual data that includes at least two of;
  
  activity data collected from an activity sensor of the computing device, event data collected from a calendar data source of the computing device, and location data collected from a location sensor of the computing device;
  
  determining a security level of a credential stored in a set of encrypted user credentials;
  
  generating, responsive to a request for access to the credential in the set of user credentials, a textual challenge question and a textual challenge answer based on the user interaction data, the contextual data, and the security level;
  
  display, in the user interface of the computing device, the textual challenge question;
  
  receive a response to the textual challenge question from a user, via the user interface;
  
  evaluating the response to the textual challenge question against the textual challenge answer to determine whether the response to the textual challenge question is correct; and
  
  transmitting the credential to a secure resource over a network responsive to determining that the response to the textual challenge question is correct.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12,wherein the set of encrypted user credentials is in a data store and the data store is maintained in a storage device of the computing system.
  - 14. The method of claim 12, further comprising:
    - generating an additional textual challenge question and an additional textual challenge answer, responsive to the security level of the credential being greater than a set security level, the additional textual challenge question and textual challenge answer based on a user specific contextual data item of one or both of the user interaction data and the contextual data; and
      
      evaluating a response to the additional textual challenge question against the additional textual challenge answer to determine whether the response to the additional textual challenge question is correct;
      
      wherein transmitting the credential to the secure resource over the network further requires that the response to the additional textual challenge question is correct.
  - 15. The method of claim 14, further comprising:
    - determining a cognitive status of a user based on the response to the textual challenge question;
      
      wherein generating the additional textual challenge question includes adapting a difficulty level of the additional textual challenge question to the cognitive status of the user.
  - 16. The method of claim 12, wherein the secure resource is a website that provides access responsive to a username-password combination included in the set of user credentials.
  - 17. The method of claim 12, further comprising:
    - generating a plurality of incorrect answers to the textual challenge question; and
      
      displaying the textual challenge question, the plurality of incorrect answers to the textual challenge question, and the textual challenge answer to the textual challenge question, on a display of the computing device.

18. A computing device, comprising:
- a sensor adapted to obtain contextual data based on user activity with the computing device, wherein the contextual data includes activity data collected from the sensor and event data collected from a calendar data source of the computing device;
  
  a data store adapted to store the contextual data;
  
  a memory adapted to provide a secure password vault to store a set of encrypted user credentials; and
  
  processor circuitry adapted to execute a plurality of instructions to implement;
  
  a user interface adapted to receive a request for a secure resource;
  
  a proxy interface adapted to intercept the request for the secure resource received by the user interface; and
  
  a proxy engine adapted to monitor the calendar data source and the sensor, the proxy engine adapted to store the contextual data in the data store wherein, responsive to the request for the secure resource intercepted by the proxy interface, the proxy engine is adapted to;
  
  determine a security value of the secure resource;
  
  generate a textual challenge question and a textual challenge answer based on the contextual data in the data store, the textual challenge question being presented via the proxy interface;
  
  generate an additional textual challenge question and an additional textual challenge answer, responsive to the security value being greater than a set security level, the additional textual challenge question and additional textual answer based on the contextual data in the data store;
  
  prevent access to the secure resource until a correct answer to the textual challenge question and the additional textual challenge question is received; and
  
  transmit a credential that corresponds to the secure resource, from the set of encrypted user credentials, to the secure resource.
- View Dependent Claims (19, 20)
- - 19. The computing device of claim 18, the processor circuitry further adapted to execute instructions to implement:
    - a password proxy service, the password proxy service being configured to maintain the secure password vault, wherein responsive to the proxy engine indicating that the correct answer to the textual challenge question and the additional textual challenge question was received, the password proxy service transmits a credential that corresponds to the secure resource, from the set of user credentials, to the secure resource.
  - 20. The computing device of claim 18, wherein the secure password vault is adapted to maintain a record of a plurality of credentials for a plurality of secure resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Li, Hong, Wouhaybi, Rita H, Kohlenberg, Tobias
Primary Examiner(s)
Abedin, Shanto M

Application Number

US14/933,593
Publication Number

US 20160057110A1
Time in Patent Office

712 Days
Field of Search

726 2- 7
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 2221/2103   Challenge-response

H04L 63/0281   Proxies

H04L 63/083   using passwords cryptograph...

H04L 63/1408   by monitoring network traff...

Security challenge assisted password proxy

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security challenge assisted password proxy

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links