Continuous authentication confidence module

US 9,871,779 B2
Filed: 08/28/2015
Issued: 01/16/2018
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

processor circuitry to operate in a trusted execution environment (TEE);

sensor circuitry comprising at least one sensor to capture sensor input and a system monitoring module to monitor operation of the system and to collect monitor data related to the monitoring;

communication circuitry to communicate with a remote communication partner; and

a continuous authentication confidence module (CACM) to execute in the TEE and to;

determine a confidence score in response to an initial authentication of a specific user, the confidence score to indicate a current strength of authentication at a point in time during a session;

select a type of presence data for use to update the confidence score based, at least in part, on a level of the confidence score, wherein the CACM is to select a first presence data to update the confidence score when the confidence score is less than a first threshold and select a second presence data to update the confidence score when the confidence score is greater than the first threshold, wherein the first presence data acquisition is to consume more power than the second presence data acquisition;

update the confidence score based, at least in part, on at least one of an expectation of user presence and the selected type of presence data; and

notify the remote communication partner that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.

Citations

17 Claims

1. A system comprising:
- processor circuitry to operate in a trusted execution environment (TEE);
  
  sensor circuitry comprising at least one sensor to capture sensor input and a system monitoring module to monitor operation of the system and to collect monitor data related to the monitoring;
  
  communication circuitry to communicate with a remote communication partner; and
  
  a continuous authentication confidence module (CACM) to execute in the TEE and to;
  
  determine a confidence score in response to an initial authentication of a specific user, the confidence score to indicate a current strength of authentication at a point in time during a session;
  
  select a type of presence data for use to update the confidence score based, at least in part, on a level of the confidence score, wherein the CACM is to select a first presence data to update the confidence score when the confidence score is less than a first threshold and select a second presence data to update the confidence score when the confidence score is greater than the first threshold, wherein the first presence data acquisition is to consume more power than the second presence data acquisition;
  
  update the confidence score based, at least in part, on at least one of an expectation of user presence and the selected type of presence data; and
  
  notify the remote communication partner that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein when the confidence score is at or above a confidence score power threshold, the CACM is to select the type of presence data based at least in part on a power consumption associated with acquisition of the selected type of presence data.
  - 3. The system of claim 1, wherein the CACM is to:
    - determine a confidence value based, at least in part, on the selected type of presence data; and
      
      adjust the confidence score based, at least in part, on the confidence value.
  - 4. The system of claim 1, wherein the selected type of presence data comprises at least one of human presence data to indicate whether an unidentified human is present and user presence data to indicate whether the specific user is present.
  - 5. The system of claim 1, wherein the CACM is further to determine the confidence score based, at least in part, on a time since authentication.
  - 6. The system of claim 1, wherein when the confidence score is below an active factor threshold, the CACM is to select the type of presence data based, at least in part, on user presence data associated with an active factor.
  - 7. The system of claim 1, wherein the CACM is to decay the confidence score over a time duration.
  - 8. The system of claim 1, wherein the system comprises a portable device.
  - 9. The system of claim 1, wherein the processor circuitry comprises a converged security engine to execute in the TEE.
  - 10. The system of claim 1, wherein the system is to attest to the remote communication partner when the session is established.

11. A method comprising:
- determining, in a trusted execution environment (TEE) of a computing device, a confidence score in response to an initial authentication of a specific user to the computing device, the confidence score to indicate a current strength of authentication at a point in time during a session established between the computing device and a remote communication partner;
  
  selecting, in the TEE, a type of presence data for use to update the confidence score based, at least in part, on a level of the confidence score and when the confidence score is at or above a confidence score power threshold, selecting the type of presence data based at least in part on a power consumption associated with acquisition of the selected type of presence data;
  
  updating, in the TEE, the confidence score based, at least in part, on at least one of an expectation of user presence and the selected type of presence data; and
  
  notifying the remote communication partner that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, further comprising selecting a first presence data to update the confidence score when the confidence score is less than a first threshold and selecting a second presence data to update the confidence score when the confidence score is greater than the first threshold, wherein the first presence data acquisition is to consume more power than the second presence data acquisition.
  - 13. The method of claim 11, wherein the selected type of presence data comprises at least one of human presence data to indicate whether an unidentified human is present and user presence data to indicate whether the specific user is present.
  - 14. The method of claim 11, wherein when the confidence score is below an active factor threshold, updating the confidence score comprises selecting the type of presence data based at least in part on user presence data associated with an active factor.

15. At least one non-transitory computer readable storage medium comprising instructions that when executed enable a system to:
- determine, in a trusted execution environment (TEE) of the system, a confidence score in response to an initial authentication of a specific user to the system, the confidence score to indicate a current strength of authentication at a point in time during a session established between the system and a remote communication partner;
  
  select, in the TEE, a type of presence data for use to update the confidence score based, at least in part, on a level of the confidence score and when the confidence score is at or above a confidence score power threshold, select the type of presence data based at least in part on a power consumption associated with acquisition of the selected type of presence data;
  
  update, in the TEE, the confidence score based, at least in part, on at least one of an expectation of user presence and the selected type of presence data; and
  
  notify the remote communication partner that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold.
- View Dependent Claims (16, 17)
- - 16. The at least one non-transitory computer readable medium of claim 15, further comprising instructions that when executed enable the system to select a first presence data to update the confidence score when the confidence score is less than a first threshold.
  - 17. The at least one non-transitory computer readable medium of claim 16, further comprising instructions that when executed enable the system to select a second presence data to update the confidence score when the confidence score is greater than the first threshold, wherein the first presence data acquisition is to consume more power than the second presence data acquisition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Sheller, Micah J., Cahill, Conor P., Martin, Jason, Smith, Ned M., Baker, Brandon
Primary Examiner(s)
DO, KHANG D

Application Number

US14/838,731
Publication Number

US 20150373007A1
Time in Patent Office

872 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2139   Recurrent verification

H04L 63/08   for authentication of entit...

H04L 63/0861   using biometrical features,...

H04L 67/14   Session management for real...

H04L 67/54   Presence management, e.g. m...

Continuous authentication confidence module

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Continuous authentication confidence module

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links