(12) United States Patent
Jakobsson et al.

(10) Patent No.: US 8,312,157 B2
(45) Date of Patent: Nov. 13, 2012

(54) IMPLICIT AUTHENTICATION

(75) Inventors: [first names illegible in source], Burlingame, CA (US); Philippe J. Golle, San Francisco, CA (US); Richard Chow, Sunnyvale, CA (US); Ranting Shi, Sunnyvale, CA (US)

(73) Assignee: Palo Alto Research Center Incorporated, Palo Alto, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 645 days.

(21) Appl. No.: 12/504,159

(22) Filed: Jul. 16, 2009

(65) Prior Publication Data
US 2011/0016534 A1, Jan. 20, 2011

(51) Int. Cl.: G06F 15/16 (2006.01)
(52) U.S. Cl.: 709/229; 709/217; 726/2; 726/3; 726/7; 726/30; 705/51
(58) Field of Classification Search: 705/64-67; 726/7, 26, 27
See application file for complete search history.

Primary Examiner: Mamon Obeid
(74) Attorney, Agent, or Firm: Shun Yao; Park, Vaughan, Fleming & Dowler LLP

(57) ABSTRACT

Embodiments of the present disclosure provide a method and system for implicitly authenticating a user to access controlled resources. The system receives a request to access the controlled resources. The system then determines a user behavior score based on a user behavior model, and recent contextual data about the user. The user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern. The recent contextual data, which comprise a plurality of data streams, are collected from one or more user devices without prompting the user to perform an action explicitly associated with authentication. The plurality of data streams provide basis for determining the user behavior score, but a data stream alone provides insufficient basis for the determination of the user behavior score. The system also provides the user behavior score to an access controller of the controlled resource.

23 Claims, 11 Drawing Sheets

Drawing sheets (11 sheets; the scanned figures survive only as the following labels):

Sheet 1 of 11: FIG. 1A. Axis label: security 180.
Sheet 2 of 11: FIG. 1B. Labels: controlled resources, servers, application, database, implicit authentication, data collection, authentication, access request, user devices, user.
Sheet 3 of 11: FIG. 1C. Labels: user devices, user device 122, data collection, implicit authentication 150, controlled resources, local resources, authentication module, access request, user.
Sheet 4 of 11: FIG. 2. Labels: system for implicit authentication, user access request 210, user access request receiver, contextual data collector 230, contextual data, user behavior modeler, grader, score, implicit authenticator, authentication information presenter.
Sheet 5 of 11: FIG. 3. Flow chart: receive user access request; obtain user behavior model; obtain recent contextual data; determine user behavioral score in accordance with user behavior model and recent contextual data; calculate implicit authentication information; present authentication information; return.
Sheet 6 of 11: FIG. 4. Flow chart labels: triggered by an observed event?; score adjustment based on lapsed time; calculate quality measure associated with the event; calculate weight associated with the type of observation; decrease score based on quality measure and weight; increase score based on quality measure and weight; score below threshold?; request user authenticate.
Sheet 7 of 11: FIG. 5. Flow chart labels: receive user behavioral score; determine implicit authentication information based on whether user behavioral score meets threshold.
Sheet 8 of 11: FIG. 6. Contextual data. Legible entries: GPS data, accelerometer, typing pattern, application usage data, user fingerprint, calendar data, location data, traffic pattern, DNS requests, third party.
Sheet 9 of 11: FIG. 7A. Labels: phone number, call type, duration, user behavior model.
Sheet 10 of 11: FIG. 7B. User model look-up table: a [HISTORY] row of {events, time interval} entries and [EVENT] rows (a location event and a browser-activity event), each with a probability distribution and a scoring distribution.
Sheet 11 of 11: FIG. 8. Labels: network, processor, implicit authenticating mechanism, request-receiving mechanism, pointing device.

IMPLICIT AUTHENTICATION

BACKGROUND

1. Field

This disclosure is generally related to user authentication. More specifically, this disclosure is related to a method and system for implicitly authenticating a user to access a controlled resource based on contextual data indicating the user’s behavior.

2. Related Art

A Mobile Internet Device (MID) is a multimedia-capable handheld computer providing wireless Internet access. MIDs are designed to provide entertainment, information and location-based services for personal use. As the market of MIDs expands, mobile commerce (also known as M-commerce) is experiencing rapid growth. There is a trend toward hosting applications and services on the Internet. This results in increased demand for Internet authentication, whether of devices, computers or users. Moreover, the use of digital rights management (DRM) policies will likely increase the need for frequent authentications. Some of such authentications may happen simultaneously due to the increased use of mashups.

On the other hand, the shift toward greater market penetration of MIDs complicates password entry due to the limitations of MID input interfaces. Typing passwords on mobile devices, such as an iPhone™ or a BlackBerry™, can become a tedious and error-prone process.

Single sign-on (SSO) is an authentication mechanism to control the access of multiple, related, but independent software applications and services. With SSO, a user logs in once and gains access to all applications and services without being prompted to log in again at each of them. SSO addresses the problem of frequent authentications. However, SSO does not defend against theft and compromise of devices because it only vouches for the identity of the device, not its user.

SUMMARY

One embodiment provides a system that implicitly authenticates a user of a Mobile Internet Device to access a controlled resource. The system first receives a request to access the controlled resource. Then, the system determines a user behavior score based on a user behavior model and recent contextual data, wherein the user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern. The user behavior model is derived from historical contextual data of the user. The recent contextual data are recent data of the user collected from one or more user mobile devices indicating the user’s recent behavior or one or more recent user events. The recent contextual data can be collected without prompting the user to perform an action explicitly associated with authentication. Further, the recent contextual data include multiple data streams, which provide basis for the determination of the user behavior score. However, a data stream alone provides insufficient basis for the determination of the user behavior score. Next, the system provides the user behavior score to an access controller of the controlled resource, thereby making an authentication decision derived from the user behavior score for the user to access the controlled resource based at least on the user behavior score. In addition, the system can be used in combination with another form of authentication.

In some embodiments, the system also collects contextual data of the user periodically from one or more user devices, and updates the user behavior model based on the collected contextual data of the user.

In some embodiments, the system also determines an action based on the user behavior score. The action can be a demand for a further authentication.

In some embodiments, the system also determines whether the user behavior score is higher than a predetermined threshold value, and if so, authenticates the user to access the controlled resource using the authentication decision derived from the user behavior score.

In some embodiments, the system also uses the authentication decision derived from the user behavior score to increase or decrease an assurance associated with another form of authentication.

In some embodiments, the system also:
  observes the recent event associated with the recent contextual data of the user;
  calculates a quality measure associated with the recent event;
  calculates a weight associated with the type of observation;
  determines whether the observed event is consistent with the user behavior model; and
  increases (if consistent) or decreases (if inconsistent) the user behavior score based on the quality measure and the weight.

In some embodiments, the system also determines that the user behavior score is lower than a predetermined threshold value, and requests the user to provide a user credential, thereby explicitly authenticating the user to access the controlled resource.

In some embodiments, the system collects the contextual data with a number of measurements. The user behavior model describes the past user behavior pattern by a combination of one or more measurements.

In some embodiments, the recent contextual data of the user are data from at least one of the following sources:
  device data that are available on a user device;
  carrier data that are available to a network carrier; and
  third-party provider data that are available to a third-party provider providing an application to the user.

In some embodiments, the recent contextual data of the user comprise one or more of: GPS data, accelerometer data, voice data, sensor data, application usage data, web browser data, authentication attempts, connection attempts, network traffic pattern, DNS requests, typing pattern, biometric data, social group membership information, and user demographics data.

In some embodiments, the user behavior model is stored in a user model look-up table. The user model look-up table comprises historical information on whether a condition is satisfied, and information on a plurality of user events. Each event is associated with a probability distribution and a score distribution.

In some embodiments, the system collects historical contextual data via one or more of a survey of contextual information about the user entered by a representative of the user, an accumulation of periodically transmitted contextual data of the user from one or more mobile devices, or an inheritance of the contextual information about the user from another device associated with the user.

In some embodiments, the system derives the user behavior model from a second model of a group of users sharing similar characteristics.

In some embodiments, the recent event belongs to one of a plurality of categories. The plurality of categories comprise one or more of: (1) a very positive event; (2) a positive event; (3) a neutral event; (4) a negative event; and (5) a very negative event. The determination of increasing or decreasing the user behavior score and the amount of increment or decrement are associated with the category to which the recent event belongs.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1A shows a diagram of the usability and security of different authentication techniques.

FIG. 1B shows a schematic diagram of a system for implicitly authenticating a user to access a controlled network resource in accordance with an embodiment.

FIG. 1C shows a schematic diagram of a computing environment for implicitly authenticating a user to access a controlled local resource in accordance with an embodiment of the present invention.

FIG. 2 shows a block diagram of a computing environment for implicitly authenticating a user to access a controlled resource in accordance with an embodiment of the present invention.

FIG. 3 shows a flow chart illustrating a method for implicitly authenticating a user to access a controlled resource in accordance with an embodiment of the present invention.

FIG. 4 shows a flow chart illustrating the determination of a user behavior score based on the user behavior model and recent contextual user behavioral data in accordance with an embodiment of the present invention.

FIG. 5 shows a flow chart illustrating the calculation of implicit authenticating information in accordance with an embodiment of the present invention.

FIG. 6 shows a diagram of contextual data in accordance with an embodiment of the present invention.

FIG. 7A shows a diagram of a user behavior model describing the user’s historical behavior patterns in accordance with an embodiment of the present invention.

FIG. 7B shows a user model look-up table used to store a user behavior model in accordance with an embodiment of the present invention.

FIG. 8 shows a block diagram of an apparatus for implicitly authenticating a user to access a controlled resource in accordance with an embodiment of the present invention.

In the figures, like reference numerals refer to the same figure elements.

DETAILED DESCRIPTION

The following description is presented to enable any person skilled in the art to make and use the embodiments, and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present disclosure. Thus, the present invention is not limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.

Overview

Embodiments of the present invention provide a method for implicitly authenticating a user to access a controlled resource without the need for entering passwords or answering any authentication questions. In addition, the method can be used as a second-factor mechanism for authentication in combination with another authentication method.

In one embodiment, a mobile device automatically detects the environment that a user is in, and the activities that the user is engaged in. If the environment and the activities exhibit familiar patterns (for example, if the user is detected to be in her home, or if the user has just made a ten-minute phone call to her significant other), then it is deemed safe to authenticate the user without prompting for a password or security question. On the other hand, if the detected environment and activities associated with the user exhibit anomalies or deviations from the user’s normal behavior, it is deemed unsafe to grant access to the user, as the device may have been lost or stolen.

Furthermore, the system can periodically collect contextual data of the user from one or more user devices. The system can then update the user behavior model based on the periodically collected contextual data.

In some embodiments, the system calculates a user behavior score based on a user behavior model derived from historical contextual data of the user, recent contextual data of the user collected from one or more user devices, and optionally a request to access controlled resources from the user. If the user behavior score is higher than a predetermined threshold, the system authenticates the user to access the controlled resource. If the user behavior score is lower than the predetermined threshold, the system requires the user to be authenticated explicitly, for example, by requesting the user to provide a user credential to access the controlled resource.
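
The scoring steps listed in the Summary (quality measure, weight per type of observation, consistency with the model, the five event categories) and the threshold rule above, sketched in Python as an added example that is not code from the patent. The model probabilities, weights, category cut-offs, starting score, the 0 to 100 clamp and the two-stream minimum are all assumed values chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    stream: str     # data stream the observation came from
    value: str      # what was observed on that stream
    quality: float  # quality measure of the observation, 0.0 to 1.0


# Constructed user behavior model: historical probability of each event.
MODEL = {
    ("gps", "home"): 0.70,
    ("gps", "office"): 0.25,
    ("call_log", "call:partner"): 0.60,
    ("browser", "news-site"): 0.40,
}

# Assumed weight per type of observation.
WEIGHTS = {"gps": 5.0, "call_log": 7.5, "browser": 2.5}

# Assumed cut-offs mapping model probability to the five event categories
# and to a signed step; the text names the categories but gives no cut-offs.
CATEGORIES = [
    (0.60, "very positive", 2),
    (0.30, "positive", 1),
    (0.10, "neutral", 0),
    (0.02, "negative", -1),
    (0.00, "very negative", -2),
]


def categorize(event, model=MODEL):
    """Return (category, signed step) for an event under the model."""
    p = model.get((event.stream, event.value), 0.0)  # unseen event: p = 0
    for floor, name, step in CATEGORIES:
        if p >= floor:
            return name, step
    raise ValueError("model probabilities must be non-negative")


def update_score(score, event, model=MODEL, weights=WEIGHTS):
    """Move the score by step * quality * weight, clamped to 0..100."""
    if not 0.0 <= event.quality <= 1.0:
        raise ValueError("quality must be within [0, 1]")
    _, step = categorize(event, model)
    delta = step * event.quality * weights[event.stream]
    return max(0.0, min(100.0, score + delta))


def implicit_auth(events, threshold=70.0, start=50.0, min_streams=2):
    """Score recent events and choose implicit or explicit authentication."""
    score, streams = start, set()
    for ev in events:
        if ev.stream not in WEIGHTS:
            continue  # unknown streams neither move the score nor count
        score = update_score(score, ev)
        streams.add(ev.stream)
    # One data stream alone is not a sufficient basis for the decision.
    enough = len(streams) >= min_streams
    action = "implicit" if enough and score >= threshold else "explicit"
    return {"score": score, "confidence": score / 100.0,
            "streams": len(streams), "action": action}


# Constructed event sequences.
OWNER = [Event("gps", "home", 1.0),
         Event("call_log", "call:partner", 1.0),
         Event("browser", "news-site", 0.5)]
STOLEN = [Event("gps", "unfamiliar-city", 1.0),
          Event("call_log", "call:unknown", 1.0),
          Event("browser", "news-site", 0.5)]
GPS_ONLY = [Event("gps", "home", 1.0)] * 3

if __name__ == "__main__":
    for name, seq in (("owner", OWNER), ("stolen", STOLEN),
                      ("gps only", GPS_ONLY)):
        print(name, implicit_auth(seq))
```

The GPS-only sequence reaches a score above the threshold yet still falls back to explicit authentication, because a single data stream is not accepted as sufficient basis.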

FIG. 1A shows a diagram illustrating usability 170 and security 180 of different authentication techniques. In this diagram, the x-axis represents usability 170 and the y-axis represents security 180. Curve 190 represents an inverse relationship between usability and security associated with a conventional authentication technique. For example, point 182 on curve 190 has a coordinate of (X182, Y182). That means for a given level of usability X182, the conventional technique can achieve a certain degree of security Y182. With the conventional technique, in order to make the systems more user-friendly, the degree of security of the systems typically decreases accordingly. Likewise, in order to make a conventional system more secure, the level of usability of the system will typically decrease.

Curve 195 represents a relationship between usability and security associated with embodiments of the present invention, which uses implicit authentication. Implicit authentication may be used as a complement to or a replacement for traditional password authentication.

Point 184 on curve 195 represents the usability/security tradeoff when implicit authentication is used as a complement to the traditional password authentication. Point 184 shares the same x-coordinate as point 182 on curve 190, which means the level of usability does not change. However, point 184 has a larger y-coordinate compared to point 182, which means systems, which are used as complements to conventional forms of authentication, in accordance with the present invention increase the degree of security when the level of usability remains the same as conventional systems. The systems can use the implicit authentication decision to authenticate the user to access the controlled resource.

Point 186 on curve 195 represents the usability/security tradeoff when implicit authentication is used as a replacement for the traditional password authentication. Point 186 shares the same y-coordinate as point 182 on curve 190, which means the degree of security does not change. However, point 186 has a larger x-coordinate compared to point 182, which means systems, which are used as replacements of conventional forms of authentication, in accordance with the present invention increase the level of usability when the degree of security remains the same as conventional systems. The systems can use the implicit authentication decision to increase or decrease an assurance level associated with another form of authentication, e.g. password.

Computing Environment

FIG. 1B shows a schematic diagram of a computing environment for implicitly authenticating a user to access a controlled network resource in accordance with an embodiment of the present invention. In this example, the computing environment includes controlled resources 100, an authentication server 110, a plurality of user devices 120 and a user 160. Controlled resources 100 can include any resources on a network, and a mechanism for providing access to such resources upon receiving requests from a user. For example, controlled resources 100 may include, but are not limited to, a file server 102, an application server 104, a database server 106, a mail server (not shown), etc. Authentication server 110 can be any type of computational device capable of performing an authorization or authentication operation of a user or a transaction. User devices 120 can generally include any node on a network including computational capability, a mechanism for communicating across the network, and a human interaction interface. This includes, but is not limited to, a smart phone device 121, a personal digital assistant (PDA) 123, a tablet PC 125, a workstation 127, a laptop 129, etc. Note that although the present invention optimally is used with mobile Internet devices, it can be used with any type of computational devices.

During operation, a user 160 sends a request 140 to access a network resource 100. Authentication server 110 collects contextual data about the user 160 from user devices 120 (operation 130), and presents implicit authentication information 150 to the access controller of controlled resource 100 to facilitate authentication of the user 160. In one embodiment, authentication server 110 collects contextual data about the user 160 after controlled resource 100 receives the access request 140 from user devices 120. In one embodiment, authentication server 110 collects contextual data from user devices 120 and periodically updates a user behavior model about user 160.

FIG. 1C shows a schematic diagram of a system for implicitly authenticating a user to access a controlled local resource in accordance with an embodiment. In this embodiment, the computing environment includes a user 160, a specific user device 122 with controlled resources 100 and a plurality of other user devices 120. The specific user device 122 includes controlled resources 100 and authentication module 115. Controlled resources 100 can include any local resources located on the specific user device 122 and a mechanism for providing access to such resources upon receiving requests from user 160. Controlled resources 100 may include, but are not limited to, a local file 101, a local application 103, a local database 105, an email message (not shown), etc. Authentication module 115 can be any type of computational module capable of authenticating a user or a transaction. Other user devices 120 can generally include any node on a network that user 160 has access to. Such devices include, but are not limited to, a smart phone device, a PDA, a tablet PC, a workstation, a laptop, etc.

During operation, user 160 sends a request 140 to access local resource 100. Authentication module 115 collects contextual data about user 160 from other user devices 120 as well as controlled local resources 100 (operation 130), and presents implicit authentication information 150 to the access controller of controlled resource 100 to facilitate authentication of user 160.

Implicit Authentication

FIG. 2 shows a block diagram of a system 200 for implicitly authenticating a user to access a controlled resource in accordance with an embodiment. System 200 includes a user access request receiver 220, a behavioral score grader 250, an implicit authenticator 270, and an authentication information presenter 290. System 200 additionally includes a contextual data collector 230 and a user behavior modeler 240.

User access request receiver 220 receives user access request 210 from a user 160, and can be a network port, a wireless receiver, a radio receiver, a media receiver, etc., without any limitations. User access request 210 may be received from user 160, from a resource controller, or from another module that is capable of passing the request. User access request receiver 220 receives and analyzes the user access request 210 and forwards request 210 to the behavioral score grader 250. In some embodiments, user 160 may not be issuing any request, and the user’s device may be a passive responder. Also, the device may be non-operative and/or non-reachable at the time of the request, but have recently communicated its state.

Behavioral score grader 250 calculates a behavioral score of user 160, and can be any computing device with a processing logic and a communication mechanism. Behavioral score grader 250 receives forwarded user access request 210, recent data 245 from contextual data collector 230, and a user behavior model 255 from user behavior modeler 240. Behavioral score grader 250 then calculates a user behavioral score 260 based on the request 210, the recent contextual data 245, and user behavior model 255. User behavior score 260 indicates the likelihood that user 160 who sends user access request 210 from a user device is the owner of the user device. User behavior score 260 can be adjusted upwards or downwards based on a sequence of observed events associated with the user device. User behavior score 260 is then sent to implicit authenticator 270 to facilitate implicit authentication of the user.

Contextual data collector 230 collects contextual data about user 160, and can be any device with a storage and a communication mechanism. Contextual data 245 are data that serve to indicate a user’s behavior or environment. Examples of contextual data 245 include locations, movements, actions, biometrics, authentication outcomes, application usage, web browser data (e.g., recently visited sites), etc. Contextual data 245 can be collected from a device, a carrier, and/or a third-party provider. Contextual data collector 230 sends the collected recent contextual data 245 to behavioral score grader 250, as well as user behavior modeler 240.

The user behavior modeler 240 creates a user behavior model 255 based on the contextual data 245 about user 160. User behavior model 255 describes a user’s historical behavior patterns. User behavior model 255 can include a history string which corresponds to a sequence of observed events, a probability distribution which corresponds to the likelihood of the observed events happening as a function of time, and a score distribution which corresponds to the change in user behavior score 260 resulting from the observed events as a function of time. User behavior modeler 240 can be any type of computing device or component with a computational mechanism.

Implicit authenticator 270 calculates implicit authentication information 280 based on user behavioral score 260. Implicit authentication information 280 is information that facilitates the access controller of controlled resources to make an authentication decision. Implicit authentication information 280 can be a binary decision or a confidence level based on user behavior score 260. Implicit authentication information presenter 290 presents implicit authentication information 280 to the access controller of controlled resources.

FIG. 3 shows a flow chart illustrating a method for implicitly authenticating a user to access a controlled resource in accordance with an embodiment.

During operation, the system receives a user access request (operation 300). The user access request can contain login credentials for resource authentication. In other embodiments, the user access request can merely identify the resource to be accessed without providing any login credentials or authentication information.

The system then obtains a user behavior model (operation 310) associated with the user who sends the access request. The system also obtains recent contextual data (operation 320) associated with the user. Based on the request, the user behavior model, and the recent contextual data (which describes recent user behavior), the system determines a user behavioral score (operation 330). The user behavioral score indicates whether the user’s recent behavioral data fit the user’s behavioral pattern as described by the user behavior model, and a level of consistency between the user’s recent contextual behavioral data and the user behavior model. Note that for the same set of recent contextual data and user behavior model, the user behavioral score may vary depending on the nature of the request.

Next, the system calculates implicit authentication information (operation 340). The implicit authentication information can be a binary authentication decision, or a confidence level. Finally, the system presents the authentication information to the resource controller, the user, or another exter