WO2016167895A1 - Performing user seamless authentications - Google Patents

Performing user seamless authentications Download PDF

Info

Publication number
WO2016167895A1
WO2016167895A1 PCT/US2016/020615 US2016020615W WO2016167895A1 WO 2016167895 A1 WO2016167895 A1 WO 2016167895A1 US 2016020615 W US2016020615 W US 2016020615W WO 2016167895 A1 WO2016167895 A1 WO 2016167895A1
Authority
WO
WIPO (PCT)
Prior art keywords
token
user
authentication
wearable
factor
Prior art date
Application number
PCT/US2016/020615
Other languages
French (fr)
Inventor
Jason Martin
Rahuldeva GHOSH
Cory CORNELIUS
Ian R. Oliver
Ramune Nagisetty
Steven B. Mcgowan
Original Assignee
Intel Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corporation filed Critical Intel Corporation
Priority to EP16780420.2A priority Critical patent/EP3283997A4/en
Priority to CN201680015830.9A priority patent/CN107408167A/en
Publication of WO2016167895A1 publication Critical patent/WO2016167895A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/305Authentication, i.e. establishing the identity or authorisation of security principals by remotely controlling device operation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs

Definitions

  • FIG. 1 illustrates some examples of form factors of embodiments of wearable devices.
  • FIG. 2 is flow diagram of a high level method of a user authentication in accordance with an embodiment of the present invention.
  • FIG. 3 is an illustration of fields of a token in accordance with an
  • FIG. 4 illustrates example components included in an embodiment of the wearable device.
  • FIG. 5 illustrates an embodiment of a protected device incorporating authentication technology consistent with the present disclosure.
  • FIG. 6 is a block diagram of a network architecture in accordance with an embodiment of the present invention.
  • FIG. 7 is a block diagram of a wearable module in accordance with another embodiment.
  • FIG. 8 illustrates another system to perform proximity-based authentications as described herein.
  • FIG. 9 is a flow diagram of a method in accordance with an embodiment. Detailed Description
  • multiple devices may participate in a user authentication using one or more tokens to provide a mechanism to securely represent multi-factor authentication information, allowing a device (such as a wearable device) that provides a technical guarantee that its tokens represent historical multi-factor authentication and context information with the same or similar strength to an original authentication of the user, reducing user burden.
  • a device such as a wearable device
  • a device which a user has in close proximity to the user can securely represent authentication decisions to other devices.
  • Such device can also securely represent historical authentication context for later re-use by other devices to improve user experience.
  • context can take the form of registration information, authentication tokens, and on-body or human presence tokens (also referred to herein as a proximity token).
  • a "proximity token” or "on-body token” may be used in a given authentication scheme to indicate whether a user is wearing (and/or is in close proximity to) the device.
  • this context can be stored in a database (potentially stored locally in a user device or remotely in a storage of a cloud identity provider) in a manner to allow sharing and synchronization to authentication policy enforcement endpoints.
  • security requirements may be enforced, while minimizing the negative user experience impact of authentication as much as possible.
  • Embodiments may be applicable to a variety of different devices and use cases, and modes, such as a wide variety of different user authentication systems. Some examples are for use with a passive device such as a wireless-capable device (e.g., a Bluetooth low energy (BLE)) device that does not support on-device authentication. Other examples are for use with an active device such as a wireless- capable device that supports on-device authentication.
  • BLE Bluetooth low energy
  • a wearable device is used to represent a strong or multi-factor
  • the basic model involves the user putting the device on and then performing a strong or multi-factor authentication through a second device which may have been paired to the wearable device, or may be enrolled in an identity service which has been paired to the wearable device.
  • a wearable device can be paired with a cloud or enterprise service, which would then allow the user to use the wearable with any nearby device that is enrolled with that service.
  • Such embodiments may be applicable for enterprise deployment and consumer deployment across many devices.
  • an identity solution may first determine that the wearable device is in close proximity to one or more primary factors of authentication before generating tokens and storing them in the wearable device.
  • the wearable can be located very close to a fingerprint reader before a fingerprint token is generated and placed on the wearable, to prevent someone else from wearing the wearable and obtaining a token from the user.
  • a signal strength distance bounding can be used to determine proximity between the wearable and the authentication factor (e.g., a smartphone or computer having a fingerprint reader).
  • the wearable device For a given duration (e.g. , a remainder of the day) the wearable device is used to present that multi-factor authentication and the presence of the user who performed that authentication to the second device and to other devices within the user's continuum of devices.
  • the wearable device may have the ability to store one or more tokens that represent the user's authentication and securely present such token(s) on demand to one or more paired devices.
  • the wearable device may have the ability to detect when the device has been removed from the user (e.g., a sensor that detects loss of contact with skin), at which point the stored token can be invalidated (or even discarded) such that the user would have to re-perform the authentication task to make further use of the paired device.
  • the wearable device may have the ability to provide a presence indicator to a paired device so that the paired device knows when the wearable device is near.
  • the wearable device may also include its own sensors to provide
  • supplementary or primary authentication and presence factors that can be used as part of the initial strong authentication and/or as part of the ongoing detection that the device is still being worn by the user (e.g., the wearable device could monitor the EKG of the user to verify the device is still connected to the same user).
  • the resulting strong authentication (e.g., biometric- based authentication), which may include any one or more biometric authentication techniques such as a fingerprint scanner authentication, a palm reader
  • the wearable device includes this token storage along with a dead man switch.
  • the dead man switch includes logic that requires the user to have the wearable device on (in contact with the user) or in approximate contact with the user's body for the switch to stay active. As soon as the user removes the wearable device from contacting the user's body or the wearable device's battery is depleted, the token is removed or otherwise invalidated from the wearable device and the strong biometric authentication may be performed again.
  • “Approximate contact” may mean direct contact with the skin, or separation from the skin by a small air gap on the order of a few centimeters or less (as with a pendant wearable device that may swing a small distance away from the skin when the user leans forward), or contact with a clothing material or accessory through which some index of a nearby human presence (e.g., breath, a heartbeat, a thermal or electromagnetic signature) can be sensed by one or more sensors in the wearable device.
  • the dead man switch when triggered by a sensor's failure to detect the user's continued presence, may activate logic that removes or otherwise disables the stored token, so that no unauthorized person may use the wearable device to access one or more other devices.
  • the authorized user performs a strong re-authentication process after putting the wearable device back on.
  • the dead man switch logic tells relying parties that the device is still attached to the user who performed the strong authentication in the first place.
  • the dead man switch may not be immediately triggered at the instant the sensors fail to detect continued contact with the user.
  • the logic may include a built-in delay between the sensors' failure to detect user contact and the activation of the dead man switch. If the sensors resume sensing a user presence during the delay, the dead man switch is not activated. This prevents the dead man switch from being unnecessarily activated when the sensors lose contact with the user presence for a very short time; for example, if the wearable device swings, bounces, or twists when the user walks or changes position.
  • the delay time may be less than the time it would take for the user to remove the wearable device and for someone else to put on the user's wearable device.
  • “Approximate contact” also includes this type of intermittent contact, with loss of contact lasting less than a threshold duration (e.g., on the order of seconds or less).
  • the strong authentication can be done on one paired device and used on other devices, this enables strong authentication to be used on devices that do not have the physical ability to perform that same strong authentication.
  • palm vein authentication can be performed on a user's computer to securely access services on a phone later in the day when the computer with the palm vein authentication is not nearby (or vice versa).
  • the wearable device is in communication with the device being used by the user, it is a strong presence indicator that the same user is still interacting with the system and can be used to lock the system should the user with the wearable device step away (or the user takes off the wearable device).
  • Biometric recognition along with continuous presence monitoring using a wearable device replaces passwords or augments them and is an even more secure, eloquent solution for next generation computing platforms.
  • one or more first devices configured for at least one type of strong authentication provides initial authentication of all authorized users of primary or secondary protected devices, by biometric or other means. This may be repeated after periodic (e.g., daily or weekly) system resets.
  • a primary protected device may be a computer, a laptop, a phone, a set-top box, a smart appliance, or any other type of device that would have at least one type of biometric reading mechanism.
  • a second, wearable device is worn by the user in some manner. While the user wears the wearable device, the strong authentication can be performed at the primary protected device and the primary protected device can then send a secure token or key, representing the successful strong
  • the wearable device after receiving the token or key from the primary protected device, may begin monitoring the continued presence of the user. At approximately the same time, or alternatively at a selected later time, the primary protected device transmits a copy of at least this token (and optionally a proximity token) over the network to other protected devices (or to a data store accessible to the other protected devices). The user wearing the wearable device may then automatically be authenticated into the other protected devices, including computing platforms of all types and services, that detect the token on the wearable device within a threshold proximity, compare it to each copy in the list of token copies transmitted by primary protected device(s), and find a match that verifies the token's validity.
  • This threshold proximity may be set by a threshold signal strength of a short-range wireless signal such as BLE, Near Field Communication (NFC), or another type of proximity-based wireless technology.
  • the wearable device token, or other wireless authentication functionality may be disabled when (1 ) it is removed from the user's body, (2) if the battery or other power source is depleted, or (3) a scheduled reset of the authentication system occurs.
  • Embodiments thus reuse previous authentication events through the concept of authenticator-generated tokens and a device to securely provide such tokens at a later time along with evidence that the device has remained with the same user since the tokens were generated. This enables a variety of use cases as will be described herein, including passive re-authentication, starting an
  • Embodiments also provide a standardized way for authenticator devices to produce tokens/assertions of the user in a way that simplifies
  • FIG. 1 illustrates many embodiments of potential wearable form factors of devices that may be implemented as the wearable companion device.
  • the wearable companion device that stores the strong authentication token may be a watch (A), a pendant (B), a ring (C), an earring (D), an adhesive skin patch (E), or one or more many other types of wearable devices that are able to maintain contact or approximate contact with the user.
  • Method 200 may be performed by various combinations of hardware, software, and/or firmware, including hardware-based logic in one or more computing devices to enable creation of multiple tokens for use in initial and successive authentications of a user to one or more computing devices with minimal or no user involvement.
  • method 200 begins by generating a first token including a first timestamp (block 210).
  • This first token may be generated responsive to user adaptation of a wearable device. As such, this first token may be generated, e.g., in the wearable device itself, when the user puts on the wearable device or otherwise places the wearable device in at least approximate contact.
  • the first timestamp included in this first token may be associated with the time at which the user puts on or otherwise adapts the wearable device.
  • This second token generation may be responsive to a user authentication to a computing device, e.g., separate from the wearable device.
  • This second timestamp may be associated with a time at which the user authentication occurs.
  • the computing device is a smartphone, tablet computer, laptop computer, desktop computer or other computing platform that the user seeks to access.
  • this second device is the user's work computer.
  • this token may be associated with a particular factor of authentication which can vary in different embodiments.
  • the strength and type of authentication can be part of the information stored in the token. Furthermore, understand that for the high level view shown in FIG. 2, only a single factor authentication is described. In many cases however the initial user authentication may be according to a multi- factor authentication such that a plurality of tokens can be generated in this user authentication.
  • this storage may be a nonvolatile storage that includes at least some amount of a secure storage such that the tokens may be stored and later accessed while the wearable device is in a trusted execution environment.
  • the tokens may be encrypted or otherwise protected in another manner such that the storage and accessing can occur outside of a trusted execution environment.
  • this user authentication request is received (diamond 240). If so, control passes to block 250.
  • this user authentication request may be responsive to the user seeking to later access the same computing device or another device associated with the user, or responsive to a re-authentication time period elapsing. Responsive to this request, which may be received by the wearable device at block 250, the first and second tokens can be communicated to an authenticator or verifier.
  • the authenticator may be the computing device itself. In other usage models understand that the authenticator may be another device, including a remote authentication service of an identity provider such as accessible via the Internet.
  • the first timestamp is older than the second timestamp. This determination, if successful, indicates that the user was wearing the wearable device prior to first authenticating to the computing device and has not removed the wearable device since that time. This may be ensured in various embodiments by causing the wearable device to delete or otherwise remove the tokens when the user removes or otherwise disassociates from the wearable device. In this or other cases, the disassociation of the user from the wearable device may otherwise be communicated to appropriate computing devices and/or authenticator. Also understand that this determination at diamond 260 may be according to a particular security policy and in other cases, such timestamp-based confirmation may not be required.
  • the user may be prevented from access to the computing device or at least be prevented from access to secure information, such as preventing the user from entering into a secure session with the computing device.
  • the contents of tokens allow a policy enforcement point to infer critical information about the trust state.
  • Table 1 shown is a list of example fields of a token in accordance with an embodiment. As seen, a variety of different types of metadata may be stored in the fields of a token. Also understand while these particular fields are shown in Table 1 , many different types of information can be stored in other embodiments.
  • a token 300 includes a plurality of fields 310 0 - 310 6 . Understand while shown with a representative number of fields in the embodiment of FIG 3, many variations and alternatives are possible. Understand also that a token including these or other fields may be protected prior to storage and/or communication, e.g., by way of one or more cryptographic measures.
  • a version field 310 0 may be used to store a token format version number, such as a standard format of a given authentication system.
  • An issuer field 310i may be used to store an identifier of an issuer of the token.
  • this issuer field may provide an identity of device type (e.g., wearable, computer, or a cloud source).
  • the issuer field may indicate whether the token was created by a wearable device or by an identity service itself and placed on the wearable device for later use.
  • a personal computer could use facial recognition to authenticate the user, generate a face recognition token, and place it into a wearable device for later use by the PC to authenticate the user again without re-verifying the face.
  • an authentication factor field 310 2 may store a value or indicator representing an authentication factor that created the token.
  • Example authentication factors may include a biometric authentication factor and an on-person authentication factor, among other examples.
  • An authentication confidence field 310 3 may store an indicator describing a given level of multiple levels of authentication confidence. Understand while the example of Table 1 shows four such levels, in different implementations a variety of different gradients of confidence of an individual factor can be expressed. For example, an on-body sensor may produce a "None" confidence when off the user and a "High” confidence when on the user. Instead a facial recognition factor may produce different confidence values depending upon matching confidence or whether extended anti- spoofing techniques were used.
  • a timestamp field 310 4 may store a value describing or representing a timestamp when the token was created by the issuer.
  • the timestamp allows multiple tokens to be bound together by policy. For example, an on-body token generated by a wearable device can be correlated with a facial recognition token to assert that the user was already wearing the wearable at the time of the face recognition and has not taken the wearable off since then.
  • a location field 310 5 may store a location indicator that describes or represents a location where an original authentication represented by the token occurred. Different levels of granularity of such location can be used.
  • the location field may indicate a trust level associated with the location at which the token was generated. In such instances, a higher level of confidence may be associated with a known, private location (such as a home or office), while a lower level of confidence may be associated with an unknown, public location such as an airport, shopping mall or so forth.
  • a signature field 310 6 may store a token signature generated by the issuer.
  • the signature may be generated according to a given cryptographic technique, such as a secure hash algorithm (SHA), as an example.
  • SHA secure hash algorithm
  • one or more of these fields may be used in determining whether to authenticate a user (and/or perform a re-authentication) based on values within the fields of one or more tokens and a particular security policy.
  • a security policy may provide for enforcement such that a user may only be
  • an issuer field of a token may be analyzed to determine whether the issuer and the verifier are the same entity and if so to authenticate the user, and otherwise to prevent user authentication.
  • the issuer field may be associated with one of multiple identities of a particular computing system, such as a PC that is used in different environments by different users.
  • a security policy may prevent a user authentication based on an issuer identity (and/or signature field) associated with a different user environment of the computing system.
  • information of a location field may be considered by some security policies.
  • a token may be trusted to enable a user authentication only if the location field of the token matches the location of the verifier device.
  • Another example of a location-based security policy enforcement may be to prevent user authentication when a token was generated in an unknown location such as a public environment or so forth.
  • the signature stored in the signature field may be an asymmetric cryptographic signature such as according to a Rivest Shamir Adleman (RSA) or elliptic curve cryptography (ECC) algorithm.
  • the signature may be a pre-shared symmetric key.
  • a token may be associated with a message authentication code (MAC) to protect against tampering. Note that in cases where an issuer is also the authenticator (such in the context of a computer that generates an initial authentication token and later seeks to re- authenticate the user), the token may be keyed to a private key of the system.
  • MAC message authentication code
  • the token may be keyed by a pre-shared key between the issuer and verifier or an asymmetric key system may be used, as set up during a registration protocol between the wearable device and verifier.
  • Embodiments thus provide an ability to maintain confidence in an
  • tokens in accordance with an embodiment can convey information (including but not limited to time, location, type of authentication (such as password, face, etc., types of sensors used to determine on-body, etc.) to an authentication policy engine. Using such tokens enables a previous authentication to be combined with on-body sensors to detect separation, to re-use authentication from the past instead of re- authenticating the user.
  • FIG. 4 is a block diagram of components included in an embodiment of the wearable device.
  • wearable device 400 may include a controller 402 (e.g., microcontroller), memory and/or storage 404 that may be a combination of volatile and non-volatile memory and storage, a dead man switch 406, one or more sensors 408 (e.g., accelerometer, temperature sensor, etc.), a power source 410 (e.g., a battery), and a wireless transceiver 412 (e.g., radio frequency) to communicate with the protected device(s).
  • a controller 402 e.g., microcontroller
  • memory and/or storage 404 that may be a combination of volatile and non-volatile memory and storage
  • a dead man switch 406 one or more sensors 408 (e.g., accelerometer, temperature sensor, etc.)
  • a power source 410 e.g., a battery
  • a wireless transceiver 412 e.g., radio frequency
  • FIG. 5 illustrates an embodiment of a protected device incorporating wireless authentication technology that enables it to function as a primary protected device.
  • the protected device in some embodiments, comprises a system-on-a-chip (SoC) package 500 design that combines processor, graphics, memory, and I/O control logic into one SoC package.
  • SoC system-on-a-chip
  • each processor core may internally include one or more instruction/data caches, execution units, prefetch buffers, instruction queues, branch address calculation units, instruction decoders, floating point units, retirement units, etc.
  • Each core present is located on a processor semiconductor die.
  • the logic unit may be on the processor core(s) 502 semiconductor die in some embodiments or on another die in other embodiments. If a given logic unit is not on the same die as processor core(s) 502, that logic unit would be on a different semiconductor die, though in the same SoC package 500, which can include several dies
  • the SoC 500 also includes at least one lower-level processor cache 506.
  • This may be a general-purpose cache capable of storing a significant amount of data retrieved from volatile memory 518 and/or non-volatile memory 520.
  • processor cache 506 may be shared among all cores 502.
  • each core 502 may have its own dedicated processor cache 506.
  • one or more graphics cores 504 are also included in SoC package 500 as well as a lower level graphics cache 508 which may store graphics- related data for the graphics core(s) 504 to work on.
  • Graphics core(s) 504 may internally include one or more execution units and one or more instruction and data caches utilized to feed the execution units with information to process.
  • the graphics core(s) 504 may contain other graphics logic units that are not shown in FIG. 5, such as one or more vertex processing units, rasterization units, media processing units, and codecs, among others. For simplicity, the specific logic within the graphics core(s) 504 is not shown.
  • the graphics core and graphics cache may be involved in the authentication if images are involved in either the initial strong authentication of the user (e.g., pass-gestures or biometric scanning or imaging). Some embodiments, if not processing images during the authentication, may not need graphics capability unless it is necessary for some operation other than authentication.
  • the graphics core(s) 504 provide image data to a protected device display. In some embodiments, the graphics core(s) 504 send data to a display controller 524, which in turn populates one or more displays 526 coupled to the system.
  • the SoC package 500 also includes a memory subsystem 512, including integrated volatile memory controller 514 providing access to volatile memory 518.
  • Volatile memory controller 514 may receive a memory access request from a core and route that request to volatile memory 518.
  • non-volatile memory controller 516 may receive a memory access request from a core and route that request to non-volatile memory 520.
  • an input/output (I/O) subsystem 530 is present in the system in FIG. 5 to communicate with I/O devices, such as I/O device(s) 534.
  • the I/O subsystem 530 in FIG. 5 is integrated into the SoC package 500.
  • one or more I/O adapter(s) 532 are present to translate commands delivered in a host communication protocol from the processor core(s) 502 into compatible protocols for particular I/O devices.
  • PCI-E Peripheral Component Interconnect
  • USB Universal Serial Bus
  • SATA Serial Advanced Technology Attachment
  • SCSI Small Computer System Interface
  • IEEE Institute of Electrical and Electronics Engineers 1594 "Firewire;” among others.
  • one or more of the I/O adapters may translate to one or more wireless I/O protocols to communicate with wireless peripherals such as some embodiments of the wearable device.
  • wireless protocols include those used in personal area networks, such as IEEE 802.15 and Bluetooth, 4.0; wireless local area network (LAN) protocols such as IEEE 802.1 1 and its derivatives; and cellular communication protocols such as those used in cellular telephony.
  • LAN wireless local area network
  • At least one authentication component 528 is coupled to the SoC.
  • the authentication component 528 may be a palm vein reader, a fingerprint reader, an iris reader, an input for a password or a pass-gesture, or one or more other components for authenticating multiple factors.
  • one or more wireless transceivers 510 are located on, or coupled to, the SoC. In some embodiments, some or all of the wireless transceivers 510 are located outside the SoC 500.
  • the wireless transceivers may transmit and receive cellular signals such as LTE and 3G, Bluetooth signals, NFC signals, WiFi signals, and/or one or more other wireless and/or cellular protocols.
  • Use Case 1 passive wearable to device:
  • Phone/PC places authentication token(s) in wearable database 5. User attempts to unlock phone/PC
  • Phone/PC protects local session until reauthentication of user
  • Access control device retrieves tokens from wearable
  • Access control device grants access to user [0065] Use Case 8, phone as intermediary:
  • Access control device retrieves tokens from wearable via phone
  • Access control device grants access to user
  • architecture 600 includes multiple independent computing systems, namely a host endpoint 610 and a wearable endpoint 650 that couple via a channel 640, which in an embodiment may be a given short range wireless channel. Understand that these devices can take many different forms in different embodiments.
  • host endpoint 610 may be a computing device such as a client tablet computer, laptop computer, desktop computer or so forth, while wearable endpoint 650 may range from a relatively low complexity wearable device such as a pin, button or other very small form factor device to a larger device such as a smartphone or other portable computing device.
  • CPU 612 may be a multi-core processor or other system on chip (SoC).
  • SoC system on chip
  • Memory 614 may include multiple independent memory and storage devices, including, for example, a dynamic random access memory (DRAM) and a nonvolatile memory such as a flash memory, a solid state drive, a hard drive or so forth.
  • DRAM dynamic random access memory
  • nonvolatile memory such as a flash memory, a solid state drive, a hard drive or so forth.
  • Communication circuits 616 may include multiple wired and wireless communication circuits including short-range wireless devices such as a BluetoothTM low energy transceiver, a near field communication device, a wide area wireless communication device such as a 4G cellular transceiver and so forth.
  • host endpoint 610 includes a user authentication service (UAS) 620 which may execute on CPU 612 and/or on a separate security device such as a secure element or logic, which may be within CPU 612 or implemented as a separate device.
  • UAS 620 may perform the user- proximity based authentications described herein.
  • UAS 620 may communicate with a policy engine 625, which also may be executed on the secure element, and which may determine whether to authenticate, not authenticate, de- authenticate and/or re-authenticate a user based on proximity to one or more devices (e.g., including user association with a wearable device and the wearable device being in close proximity to host endpoint 610).
  • a policy engine 625 may determine whether to authenticate, not authenticate, de- authenticate and/or re-authenticate a user based on proximity to one or more devices (e.g., including user association with a wearable device and the wearable device being in close proximity to host endpoint 610).
  • host endpoint 610 and wearable endpoint 650 may perform the authentications described herein when the devices are within a given short range wireless distance of each other, which may be determined based on received signal strength indicator (RSSI) distance bounding information.
  • RSSI received signal strength indicator
  • wearable endpoint 650 the device includes various hardware, including a CPU 652, one or more proximity sensors 654, one or more communication circuits 656 and at least one storage 658.
  • wearable endpoint 650 can take many different forms, in one embodiment it may be implemented as a single module, such as a small wearable button or so forth, including one or more semiconductor die. Further understand that while shown with the high level view in FIG. 6, a given wearable endpoint can include many other components.
  • the device includes an on-body detect state machine 660, which in an embodiment may receive input from proximity sensors 654 and determine whether the wearable device is adapted to the user as described herein.
  • state machine 660 may execute on CPU 652, while in other cases the state machine may be an independent processing circuit.
  • a UAS token database 665 is present and may be configured to store the various proximity and authentication tokens described herein, both generated in the wearable endpoint (for such devices capable of token generation) and received from a proximate computing system (such as a user's client system, or received from a remote authentication source).
  • database 665 may be stored in one or more of storages 658.
  • state machine 660 may cause one or more tokens to be deleted from database 665 responsive to detection that a user has removed or otherwise disassociated with the wearable endpoint.
  • an instance of a user authentication service 670 may execute within wearable endpoint 650.
  • this service can be executed on CPU 652 or a separate secure logic, either within the CPU or implemented as a separate device.
  • a distance notification service 675 may execute within wearable endpoint 650.
  • service 675 may execute on CPU 652 and may be used to indicate when the wearable endpoint is within a threshold proximity (e.g., within a short-range wireless range, e.g., as determined by RSSI bounding information). Understand while shown at this high level in the embodiment of FIG. 6, many variations and alternatives are possible.
  • module 700 may be an Intel ® CurieTM module that includes multiple components adapted within a single small module that can be implemented as all or part of a wearable device.
  • module 700 includes a core 710 (of course in other embodiments more than one core may be present).
  • core may be a relatively low complexity in-order core, such as based on an Intel Architecture ® QuarkTM design.
  • Core 710 couples to various components including a sensor hub 720, which may be configured to interact with a plurality of sensors 780, such as one or more biometric, motion environmental or other sensors.
  • a power delivery circuit 730 is present, along with a non-volatile storage 740. In an embodiment, this circuit may include a rechargeable battery and a recharging circuit, which may in one
  • One or more input/output (IO) interfaces 750 such as one or more interfaces compatible with one or more of USB/SPI/l 2 C/GPIO protocols, may be present.
  • IO input/output
  • a wireless transceiver 790 which may be a BluetoothTM low energy or other short-range wireless transceiver is present to enable wireless communications as described herein. Understand that in different implementations a wearable module can take many other forms.
  • FIG. 8 illustrates another system 800 which may be a smartphone, wearable device or so forth to perform proximity-based authentications as described herein.
  • system 800 includes a communications/applications processor 810, which may be a main processor of the system and which in turn may wirelessly
  • Processor 810 further couples to a secure element 815 which in an embodiment can be implemented as a separate component, such as a hardened microcontroller unit or other circuit, and which may independently communicate via another antenna 817, in an embodiment.
  • Secure element 815 may perform user proximity-based authentications.
  • additional components of system 800 include a non-volatile memory 820, which may be used to store a database of tokens, as well as an authentication policy.
  • One or more proximity sensors 825 may be configured to indicate proximity of a user.
  • user adaptation can also be identified based at least in part on one or more body sensors 830, such as a heart rate sensor.
  • system 800 includes one or more accelerometers 840, such as a multi-axis accelerator.
  • system 800 may be a rechargeable battery-powered device and thus a power delivery network 850 may include one or more voltage regulators, battery charger and so forth to receive power from a battery, as well as to provide a recharging current from an external connection, such as a wireless or USB connection to the battery. Understand while shown at this high level in the embodiment of FIG. 8, many variations and alternatives are possible.
  • Method 900 begins by generating a proximity token responsive to user adaptation of the wearable device (block 910).
  • the wearable device itself may generate this proximity token, e.g., with a timestamp, and store it in a database of the wearable device.
  • this token may be received from another system.
  • a user authentication protocol is performed between the wearable device and a second computing device.
  • this second computing device may be a work desktop computer of a user and to which the user has separately performed one or more factors of an authentication protocol.
  • the wearable device may receive an authentication token and store it in the database.
  • This authentication token may be received from the second computing device and may include, for example, another timestamp associated with the time at which the user authenticated to the second computing device.
  • the wearable device may monitor for continued user presence. During such time it may be determined whether the user has attempted to access the second computing device (diamond 950). If so, both tokens (the authentication token and the proximity token) may be sent from the wearable device to the second computing device (block 960). In an embodiment, this communication may be responsive to a user authentication request received in the wearable device from the second computing device.
  • the wearable device may receive an indication of authentication of the user to the second computing device.
  • it is determined whether the user presence is maintained (such as whether the user has continued to associate with the wearable device).
  • the wearable device may send a loss of trust event to the second computing device.
  • the second computing device may de-authenticate the user and similarly remove tokens. Or in other cases, the second computing device may simply prevent further protected session access until the user again returns in close proximity to the second computing device.
  • the security policy may further require the user again to adapt the wearable device before authenticating (or re-authenticating) to the second computing device. Understand while shown at this high level in the illustration of FIG. 9, many variations and alternatives are possible. [0078] The following Examples pertain to further embodiments.
  • a first device comprises: a first logic to generate a first token when a user adapts the first device in approximate contact to the user, the first token including a first timestamp; a storage to store the first token and a second token, the second token obtained from an authenticator and associated with an authentication of the user to a second device, the second token including a second timestamp; and a communication module to communicate the first token and the second token to the second device to cause the second device to authenticate the user based on the first and second tokens.
  • Example 2 the first device of Example 1 further comprises a controller to remove at least the first token when the first user is no longer in the approximate contact to the first device.
  • Example 3 the first device of one or more of the above Examples further comprises a sensor to detect when the user is in the approximate contact to the first device.
  • the first token includes a plurality of fields including a first field to store the first timestamp and a second field to store a location identifier, the location identifier corresponding to a location at which the user adapted the first device in approximate contact to the user.
  • the second token includes a plurality of fields including a first field to store the second timestamp and a second field to store a location identifier associated with a location at which the user authenticated to the second device.
  • the second token further includes a third field to store an authentication factor indicator to indicate an authentication factor associated with the second token and a fourth field to store an authentication confidence indicator to indicate a level of authentication confidence associated with the authentication of the user by the authentication factor.
  • Example 7 the storage of one or more of the above Examples is to store a third token, where the second token is associated with a first factor of the user authentication to the second device and the third token is associated with a second factor of the user authentication to the second device.
  • the authenticator comprises a remote authentication service.
  • the first device comprises a wearable module including at least one core, a power delivery circuit, at least one sensor, and where the
  • the communication module comprises a short-range wireless transceiver.
  • a method comprises: generating a second token having a second timestamp, responsive to authentication of a user to the computing system at a first time; sending the second token to a wearable device associated with the user to enable storage of the second token in the wearable device; receiving a first token and the second token from the wearable device and determining whether to authenticate the user to the computing system at a second time according to a security policy; and if the user is authenticated at the second time, granting access to a protected session within the computing system.
  • Example 1 1 the method further comprises authenticating the user to the computing system at the first time according to a multi-factor authentication.
  • Example 12 the method further comprises generating the second token responsive to a first authentication factor of the multi-factor authentication and storing an authentication indicator in a first field of the second token to indicate an authentication factor associated with the first authentication factor.
  • Example 13 the method further comprises generating the second token further responsive to a second authentication factor of the multi-factor authentication and storing an authentication indicator in a second field of the second token to indicate an authentication factor associated with the second authentication factor.
  • Example 14 the method further comprises sending the first token and the second token to a remote authentication server, and providing a grant indication received from the remote authentication server to the wearable device when the user is authenticated at the second time.
  • the remote authentication server is to enable the user to access a second computing system when the wearable device is adapted in close proximity to the user, based at least in part on the first token and the second token.
  • Example 16 the method further comprises preventing continued access to the protected session responsive to receipt of a loss of trust indication from the wearable device.
  • Example 17 the method further comprises sending the first token from the computing system to a second computing system to enable the second computing system to automatically authenticate the user when the wearable device is adapted in close proximity to the user and the wearable device is within a threshold proximity of the second computing system.
  • a computer readable medium including instructions is to perform the method of any of the above Examples.
  • a computer readable medium including data is to be used by at least one machine to fabricate at least one integrated circuit to perform the method of any one of the above Examples.
  • an apparatus comprises means for performing the method of any one of the above Examples.
  • a system comprises: a first processor to execute one or more applications, including a cellular telephone application; and a second processor comprising a secure logic to generate and store a first token in a non-volatile storage when a user is authenticated to the system and send the first token to a second device when the second device is adapted in approximate contact to the user and is in close proximity to the system, where the secure logic is to remove at least the first token from the non-volatile storage responsive to disassociation of the user from the second device.
  • the secure logic is to remove at least the first token responsive to a loss of trust assertion from the second device, the second device comprising a logic to determine the user disassociation based on which the loss of trust assertion is generated.
  • the secure logic is to communicate at least the first token to a second computing system to enable the second computing system to automatically authenticate the user when the second device is adapted in the approximate contact to the user and the second device is within a threshold proximity of the second computing system.
  • an apparatus comprises: means for generating a first token when a user adapts the apparatus in approximate contact to the user, the first token including a first timestamp; means for storing the first token and a second token, the second token obtained from an authenticator and associated with an authentication of the user to a second device, the second token including a second timestamp; and means for communicating the first token and the second token to the second device to cause the second device to authenticate the user based on the first and second tokens.
  • the apparatus further comprises a control means for removing at least the first token when the first user is no longer in the approximate contact to the apparatus.
  • Example 23 the apparatus further comprises sensor means for detecting when the user is in the approximate contact to the apparatus.
  • the first token includes a plurality of fields including a first field to store the first timestamp and a second field to store a location identifier, the location identifier corresponding to a location at which the user adapted the apparatus in approximate contact to the user.
  • Embodiments may be used in many different types of systems.
  • a communication device can be arranged to perform the various methods and techniques described herein.
  • the scope of the present invention is not limited to a communication device, and instead other embodiments can be directed to other types of apparatus for processing instructions, or one or more machine readable media including instructions that in response to being executed on a computing device, cause the device to carry out one or more of the methods and techniques described herein.
  • Embodiments may be implemented in code and may be stored on a non- transitory storage medium having stored thereon instructions which can be used to program a system to perform the instructions. Embodiments also may be
  • the storage medium may include, but is not limited to, any type of disk including floppy disks, optical disks, solid state drives (SSDs), compact disk read-only memories (CD-ROMs), compact disk rewritables (CD-RWs), and magneto-optical disks, semiconductor devices such as read-only memories (ROMs), random access memories (RAMs) such as dynamic random access memories (DRAMs), static random access memories (SRAMs), erasable programmable read-only memories (EPROMs), flash memories, electrically erasable programmable read-only memories (EEPROMs), magnetic or optical cards, or any other type of media suitable for storing electronic instructions.
  • ROMs read-only memories
  • RAMs random access memories
  • DRAMs dynamic random access memories
  • SRAMs static random access memories
  • EPROMs erasable programmable read-only memories
  • flash memories electrically erasable programmable read-only memories (EEPROMs), magnetic or optical cards, or any other type of media suitable for storing electronic

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)
  • Lock And Its Accessories (AREA)

Abstract

In one embodiment, a first device includes: a first logic to generate a first token when a user adapts the first device in approximate contact to the user, the first token including a first timestamp; a storage to store the first token and a second token, the second token obtained from an authenticator and associated with an authentication of the user to a second device, the second token including a second timestamp; and a communication module to communicate the first and second tokens to the second device to cause the second device to authenticate the user based at least in part on the first and second tokens. Other embodiments are described and claimed.

Description

PERFORMING USER SEAMLESS AUTHENTICATIONS
[0001 ] This application claims priority to United States Provisional Patent
Application No. 62/147,080 filed on April 14, 2015, in the names of Jason Martin, Rahuldeva Ghosh, Cory Cornelius, Ian R. Oliver, Ramune Nagisetty and Steven B. McGowan, entitled PERFORMING USER SEAMLESS AUTHENTICATIONS, the disclosure of which is hereby incorporated by reference.
Technical Field
[0002] The following relates to performing authentications using multiple devices. Background
[0003] Strong user authentication to a computing system is often a tedious and difficult task for users to perform, requiring them to remember and type complex passwords, use unreliable biometrics, wait for and then type second-factor codes received from text messages, and so forth. At the same time, authentication demands on users are increasing with more systems and services requiring or encouraging multi-factor authentication and more frequent authentications. While such activities may increase security, it can affect user experience undesirably.
Brief Description of the Drawings
[0004] FIG. 1 illustrates some examples of form factors of embodiments of wearable devices.
[0005] FIG. 2 is flow diagram of a high level method of a user authentication in accordance with an embodiment of the present invention.
[0006] FIG. 3 is an illustration of fields of a token in accordance with an
embodiment of the present invention.
[0007] FIG. 4 illustrates example components included in an embodiment of the wearable device.
[0008] FIG. 5 illustrates an embodiment of a protected device incorporating authentication technology consistent with the present disclosure. [0009] FIG. 6 is a block diagram of a network architecture in accordance with an embodiment of the present invention.
[0010] FIG. 7 is a block diagram of a wearable module in accordance with another embodiment.
[001 1 ] FIG. 8 illustrates another system to perform proximity-based authentications as described herein.
[0012] FIG. 9 is a flow diagram of a method in accordance with an embodiment. Detailed Description
[0013] In various embodiments, multiple devices may participate in a user authentication using one or more tokens to provide a mechanism to securely represent multi-factor authentication information, allowing a device (such as a wearable device) that provides a technical guarantee that its tokens represent historical multi-factor authentication and context information with the same or similar strength to an original authentication of the user, reducing user burden. Based on these tokens, which may represent time, proximity, user actions, or so forth recorded by one device, another device may use such tokens to securely make authentication decisions.
[0014] By providing a given authentication service in accordance with an
embodiment, a device which a user has in close proximity to the user can securely represent authentication decisions to other devices. Such device can also securely represent historical authentication context for later re-use by other devices to improve user experience. Although the scope of the present invention is not so limited, such context can take the form of registration information, authentication tokens, and on-body or human presence tokens (also referred to herein as a proximity token). In general, a "proximity token" or "on-body token" may be used in a given authentication scheme to indicate whether a user is wearing (and/or is in close proximity to) the device.
[0015] In an embodiment, this context can be stored in a database (potentially stored locally in a user device or remotely in a storage of a cloud identity provider) in a manner to allow sharing and synchronization to authentication policy enforcement endpoints. In various embodiments, security requirements may be enforced, while minimizing the negative user experience impact of authentication as much as possible. Embodiments may be applicable to a variety of different devices and use cases, and modes, such as a wide variety of different user authentication systems. Some examples are for use with a passive device such as a wireless-capable device (e.g., a Bluetooth low energy (BLE)) device that does not support on-device authentication. Other examples are for use with an active device such as a wireless- capable device that supports on-device authentication.
[0016] A wearable device is used to represent a strong or multi-factor
authentication of the user and the current presence of the user for the duration that the device is worn. The basic model involves the user putting the device on and then performing a strong or multi-factor authentication through a second device which may have been paired to the wearable device, or may be enrolled in an identity service which has been paired to the wearable device. Note that as such, embodiments are not limited to device-to-device pairing. For example, a wearable device can be paired with a cloud or enterprise service, which would then allow the user to use the wearable with any nearby device that is enrolled with that service. Such embodiments may be applicable for enterprise deployment and consumer deployment across many devices.
[0017] In many cases, an identity solution may first determine that the wearable device is in close proximity to one or more primary factors of authentication before generating tokens and storing them in the wearable device. For example, the wearable can be located very close to a fingerprint reader before a fingerprint token is generated and placed on the wearable, to prevent someone else from wearing the wearable and obtaining a token from the user. In such example, a signal strength distance bounding can be used to determine proximity between the wearable and the authentication factor (e.g., a smartphone or computer having a fingerprint reader).
[0018] For a given duration (e.g. , a remainder of the day) the wearable device is used to present that multi-factor authentication and the presence of the user who performed that authentication to the second device and to other devices within the user's continuum of devices.
[0019] The wearable device may have the ability to store one or more tokens that represent the user's authentication and securely present such token(s) on demand to one or more paired devices. The wearable device may have the ability to detect when the device has been removed from the user (e.g., a sensor that detects loss of contact with skin), at which point the stored token can be invalidated (or even discarded) such that the user would have to re-perform the authentication task to make further use of the paired device. The wearable device may have the ability to provide a presence indicator to a paired device so that the paired device knows when the wearable device is near.
[0020] The wearable device may also include its own sensors to provide
supplementary or primary authentication and presence factors that can be used as part of the initial strong authentication and/or as part of the ongoing detection that the device is still being worn by the user (e.g., the wearable device could monitor the EKG of the user to verify the device is still connected to the same user).
[0021 ] In many embodiments, the resulting strong authentication (e.g., biometric- based authentication), which may include any one or more biometric authentication techniques such as a fingerprint scanner authentication, a palm reader
authentication, iris scanner authentication, or any one or more of other types of biometric identification techniques, may be stored as one or more tokens in the wearable device. In an embodiment, the wearable device includes this token storage along with a dead man switch. The dead man switch includes logic that requires the user to have the wearable device on (in contact with the user) or in approximate contact with the user's body for the switch to stay active. As soon as the user removes the wearable device from contacting the user's body or the wearable device's battery is depleted, the token is removed or otherwise invalidated from the wearable device and the strong biometric authentication may be performed again. [0022] "Approximate contact" may mean direct contact with the skin, or separation from the skin by a small air gap on the order of a few centimeters or less (as with a pendant wearable device that may swing a small distance away from the skin when the user leans forward), or contact with a clothing material or accessory through which some index of a nearby human presence (e.g., breath, a heartbeat, a thermal or electromagnetic signature) can be sensed by one or more sensors in the wearable device. The dead man switch, when triggered by a sensor's failure to detect the user's continued presence, may activate logic that removes or otherwise disables the stored token, so that no unauthorized person may use the wearable device to access one or more other devices. To resume authorized use of the wearable device, the authorized user performs a strong re-authentication process after putting the wearable device back on.
[0023] The dead man switch logic tells relying parties that the device is still attached to the user who performed the strong authentication in the first place.
Essentially, this allows the wearable device to prove that the user who performed the strong authentication on another device at some earlier point in time is the same user who is now trying to access the current device. In some embodiments, the dead man switch may not be immediately triggered at the instant the sensors fail to detect continued contact with the user. The logic may include a built-in delay between the sensors' failure to detect user contact and the activation of the dead man switch. If the sensors resume sensing a user presence during the delay, the dead man switch is not activated. This prevents the dead man switch from being unnecessarily activated when the sensors lose contact with the user presence for a very short time; for example, if the wearable device swings, bounces, or twists when the user walks or changes position. Optionally, the delay time may be less than the time it would take for the user to remove the wearable device and for someone else to put on the user's wearable device. "Approximate contact" also includes this type of intermittent contact, with loss of contact lasting less than a threshold duration (e.g., on the order of seconds or less).
[0024] In addition, because the strong authentication can be done on one paired device and used on other devices, this enables strong authentication to be used on devices that do not have the physical ability to perform that same strong authentication. For example, palm vein authentication can be performed on a user's computer to securely access services on a phone later in the day when the computer with the palm vein authentication is not nearby (or vice versa).
[0025] Because the wearable device is in communication with the device being used by the user, it is a strong presence indicator that the same user is still interacting with the system and can be used to lock the system should the user with the wearable device step away (or the user takes off the wearable device).
Biometric recognition along with continuous presence monitoring using a wearable device replaces passwords or augments them and is an even more secure, eloquent solution for next generation computing platforms.
[0026] In some embodiments, one or more first devices (primary protected devices) configured for at least one type of strong authentication provides initial authentication of all authorized users of primary or secondary protected devices, by biometric or other means. This may be repeated after periodic (e.g., daily or weekly) system resets. A primary protected device may be a computer, a laptop, a phone, a set-top box, a smart appliance, or any other type of device that would have at least one type of biometric reading mechanism.
[0027] In some embodiments, a second, wearable device is worn by the user in some manner. While the user wears the wearable device, the strong authentication can be performed at the primary protected device and the primary protected device can then send a secure token or key, representing the successful strong
authentication of an authorized user, to the wearable device. The wearable device, after receiving the token or key from the primary protected device, may begin monitoring the continued presence of the user. At approximately the same time, or alternatively at a selected later time, the primary protected device transmits a copy of at least this token (and optionally a proximity token) over the network to other protected devices (or to a data store accessible to the other protected devices). The user wearing the wearable device may then automatically be authenticated into the other protected devices, including computing platforms of all types and services, that detect the token on the wearable device within a threshold proximity, compare it to each copy in the list of token copies transmitted by primary protected device(s), and find a match that verifies the token's validity. This threshold proximity may be set by a threshold signal strength of a short-range wireless signal such as BLE, Near Field Communication (NFC), or another type of proximity-based wireless technology. The wearable device token, or other wireless authentication functionality, may be disabled when (1 ) it is removed from the user's body, (2) if the battery or other power source is depleted, or (3) a scheduled reset of the authentication system occurs.
[0028] Embodiments thus reuse previous authentication events through the concept of authenticator-generated tokens and a device to securely provide such tokens at a later time along with evidence that the device has remained with the same user since the tokens were generated. This enables a variety of use cases as will be described herein, including passive re-authentication, starting an
authentication session on one device and continuing the authentication session on a second device, and an enhanced user experience via, e.g., a once-per-day authentication. Embodiments also provide a standardized way for authenticator devices to produce tokens/assertions of the user in a way that simplifies
implementation of identity services that consume such evidence.
[0029] FIG. 1 illustrates many embodiments of potential wearable form factors of devices that may be implemented as the wearable companion device. In different embodiments, the wearable companion device that stores the strong authentication token may be a watch (A), a pendant (B), a ring (C), an earring (D), an adhesive skin patch (E), or one or more many other types of wearable devices that are able to maintain contact or approximate contact with the user.
[0030] Referring now to FIG. 2, shown is flow diagram of a high level method of an authentication in accordance with an embodiment of the present invention. Method 200 may be performed by various combinations of hardware, software, and/or firmware, including hardware-based logic in one or more computing devices to enable creation of multiple tokens for use in initial and successive authentications of a user to one or more computing devices with minimal or no user involvement. [0031 ] As shown, method 200 begins by generating a first token including a first timestamp (block 210). This first token may be generated responsive to user adaptation of a wearable device. As such, this first token may be generated, e.g., in the wearable device itself, when the user puts on the wearable device or otherwise places the wearable device in at least approximate contact. Note that the first timestamp included in this first token may be associated with the time at which the user puts on or otherwise adapts the wearable device. Next, control passes to block 220 where a second token is generated including a second timestamp. This second token generation may be responsive to a user authentication to a computing device, e.g., separate from the wearable device. This second timestamp may be associated with a time at which the user authentication occurs. For example, assume that the computing device is a smartphone, tablet computer, laptop computer, desktop computer or other computing platform that the user seeks to access. For purposes of discussion, assume that this second device is the user's work computer. Note that this token may be associated with a particular factor of authentication which can vary in different embodiments. As such, the strength and type of authentication can be part of the information stored in the token. Furthermore, understand that for the high level view shown in FIG. 2, only a single factor authentication is described. In many cases however the initial user authentication may be according to a multi- factor authentication such that a plurality of tokens can be generated in this user authentication.
[0032] Still with reference with to FIG. 2, control next passes to block 230 where these first and second tokens may be stored in the wearable device. In this embodiment described where the second token (at least) is generated in the separate computing device, a communication of this second token to the wearable device may occur to enable storage of this second token, along with the first token in a storage of the wearable device. In an embodiment, this storage may be a nonvolatile storage that includes at least some amount of a secure storage such that the tokens may be stored and later accessed while the wearable device is in a trusted execution environment. Of course in other cases, the tokens may be encrypted or otherwise protected in another manner such that the storage and accessing can occur outside of a trusted execution environment. [0033] Still with reference to FIG. 2, next it is determined whether a user
authentication request is received (diamond 240). If so, control passes to block 250. Note that this user authentication request may be responsive to the user seeking to later access the same computing device or another device associated with the user, or responsive to a re-authentication time period elapsing. Responsive to this request, which may be received by the wearable device at block 250, the first and second tokens can be communicated to an authenticator or verifier. In the case where this user authentication request is for the user to access the computing device described above, the authenticator may be the computing device itself. In other usage models understand that the authenticator may be another device, including a remote authentication service of an identity provider such as accessible via the Internet.
[0034] Still referring to FIG. 2, at diamond 260 it is determined whether the first timestamp is older than the second timestamp. This determination, if successful, indicates that the user was wearing the wearable device prior to first authenticating to the computing device and has not removed the wearable device since that time. This may be ensured in various embodiments by causing the wearable device to delete or otherwise remove the tokens when the user removes or otherwise disassociates from the wearable device. In this or other cases, the disassociation of the user from the wearable device may otherwise be communicated to appropriate computing devices and/or authenticator. Also understand that this determination at diamond 260 may be according to a particular security policy and in other cases, such timestamp-based confirmation may not be required.
[0035] However for purposes of illustration in FIG. 2, if it is determined that the first timestamp is not older than the second timestamp, control passes to block 280 where an authentication failure may be reported. As such, the user may be prevented from access to the computing device or at least be prevented from access to secure information, such as preventing the user from entering into a secure session with the computing device. Otherwise if it is determined that the first timestamp is older than the second timestamp, control passes to block 270 where the user is authenticated and thus may access protected portions of the computing system and enter into a secure session. Understand while shown at this high level in the embodiment of FIG. 2 many variations and alternatives are possible.
[0036] In various embodiments, the contents of tokens allow a policy enforcement point to infer critical information about the trust state. Referring now to Table 1 , shown is a list of example fields of a token in accordance with an embodiment. As seen, a variety of different types of metadata may be stored in the fields of a token. Also understand while these particular fields are shown in Table 1 , many different types of information can be stored in other embodiments.
Table 1
Figure imgf000012_0001
[0037] Note that these fields correspond to the illustration of a token shown in FIG. 3. In the embodiment shown in FIG. 3, a token 300 includes a plurality of fields 3100 - 3106. Understand while shown with a representative number of fields in the embodiment of FIG 3, many variations and alternatives are possible. Understand also that a token including these or other fields may be protected prior to storage and/or communication, e.g., by way of one or more cryptographic measures. In the embodiment of FIG. 3, a version field 3100 may be used to store a token format version number, such as a standard format of a given authentication system. An issuer field 310i may be used to store an identifier of an issuer of the token. A variety of information can be stored in this field such as the type of computing device, its trusted state (such as whether the device was in a trusted execution environment at the time of token creation or so forth). In some cases, this issuer field may provide an identity of device type (e.g., wearable, computer, or a cloud source). As an example, the issuer field may indicate whether the token was created by a wearable device or by an identity service itself and placed on the wearable device for later use. For example, a personal computer (PC) could use facial recognition to authenticate the user, generate a face recognition token, and place it into a wearable device for later use by the PC to authenticate the user again without re-verifying the face.
[0038] In the embodiment of FIG. 3, an authentication factor field 3102 may store a value or indicator representing an authentication factor that created the token.
Example authentication factors may include a biometric authentication factor and an on-person authentication factor, among other examples. An authentication confidence field 3103 may store an indicator describing a given level of multiple levels of authentication confidence. Understand while the example of Table 1 shows four such levels, in different implementations a variety of different gradients of confidence of an individual factor can be expressed. For example, an on-body sensor may produce a "None" confidence when off the user and a "High" confidence when on the user. Instead a facial recognition factor may produce different confidence values depending upon matching confidence or whether extended anti- spoofing techniques were used.
[0039] Still with reference to FIG. 3, a timestamp field 3104 may store a value describing or representing a timestamp when the token was created by the issuer. The timestamp allows multiple tokens to be bound together by policy. For example, an on-body token generated by a wearable device can be correlated with a facial recognition token to assert that the user was already wearing the wearable at the time of the face recognition and has not taken the wearable off since then.
[0040] In the embodiment of FIG. 3, a location field 3105 may store a location indicator that describes or represents a location where an original authentication represented by the token occurred. Different levels of granularity of such location can be used. In some examples, rather than a particular geographic location (as determined, e.g., via a GPS sensor) the location field may indicate a trust level associated with the location at which the token was generated. In such instances, a higher level of confidence may be associated with a known, private location (such as a home or office), while a lower level of confidence may be associated with an unknown, public location such as an airport, shopping mall or so forth.
[0041 ] In the embodiment of FIG. 3, a signature field 3106 may store a token signature generated by the issuer. In an embodiment, the signature may be generated according to a given cryptographic technique, such as a secure hash algorithm (SHA), as an example.
[0042] According to different authentication schemes based on different security policies, one or more of these fields may be used in determining whether to authenticate a user (and/or perform a re-authentication) based on values within the fields of one or more tokens and a particular security policy. As one example, a security policy may provide for enforcement such that a user may only be
authenticated to an issuer device. In such example, an issuer field of a token may be analyzed to determine whether the issuer and the verifier are the same entity and if so to authenticate the user, and otherwise to prevent user authentication.
[0043] As another example, the issuer field may be associated with one of multiple identities of a particular computing system, such as a PC that is used in different environments by different users. In such case, a security policy may prevent a user authentication based on an issuer identity (and/or signature field) associated with a different user environment of the computing system.
[0044] As a still further example, information of a location field may be considered by some security policies. As one such example, a token may be trusted to enable a user authentication only if the location field of the token matches the location of the verifier device. Another example of a location-based security policy enforcement may be to prevent user authentication when a token was generated in an unknown location such as a public environment or so forth.
[0045] In different embodiments, the signature stored in the signature field may be an asymmetric cryptographic signature such as according to a Rivest Shamir Adleman (RSA) or elliptic curve cryptography (ECC) algorithm. In other cases the signature may be a pre-shared symmetric key. In some cases, a token may be associated with a message authentication code (MAC) to protect against tampering. Note that in cases where an issuer is also the authenticator (such in the context of a computer that generates an initial authentication token and later seeks to re- authenticate the user), the token may be keyed to a private key of the system. In other cases, such as a token generated by a wearable device, the token may be keyed by a pre-shared key between the issuer and verifier or an asymmetric key system may be used, as set up during a registration protocol between the wearable device and verifier.
[0046] Embodiments thus provide an ability to maintain confidence in an
authentication that occurred in the past and reuse for new authentication requests. In addition, multiple authentication factors may be correlated in time and a given security policy can be applied to those factors, especially across multiple devices. Also tokens in accordance with an embodiment can convey information (including but not limited to time, location, type of authentication (such as password, face, etc., types of sensors used to determine on-body, etc.) to an authentication policy engine. Using such tokens enables a previous authentication to be combined with on-body sensors to detect separation, to re-use authentication from the past instead of re- authenticating the user.
[0047] FIG. 4 is a block diagram of components included in an embodiment of the wearable device. In some embodiments, wearable device 400 may include a controller 402 (e.g., microcontroller), memory and/or storage 404 that may be a combination of volatile and non-volatile memory and storage, a dead man switch 406, one or more sensors 408 (e.g., accelerometer, temperature sensor, etc.), a power source 410 (e.g., a battery), and a wireless transceiver 412 (e.g., radio frequency) to communicate with the protected device(s). In some embodiments, there may be energy harvesting mechanisms to extend the life of power source 410. In some embodiments, one or more of the sensors 408 are capable of retrieving bio signatures to determine whether the user is in contact with the wearable device (e.g., a temperature sensor to detect body heat, a pulse detector, a capacitive touch detector, etc.). [0048] FIG. 5 illustrates an embodiment of a protected device incorporating wireless authentication technology that enables it to function as a primary protected device. The protected device, in some embodiments, comprises a system-on-a-chip (SoC) package 500 design that combines processor, graphics, memory, and I/O control logic into one SoC package. Thus, in FIG. 5, processor core(s) 502, the graphics core(s) 504, their respective caches (506 and 508) are all present in the package, along with memory subsystem 512 and I/O subsystem 530.
[0049] Although not shown, each processor core may internally include one or more instruction/data caches, execution units, prefetch buffers, instruction queues, branch address calculation units, instruction decoders, floating point units, retirement units, etc. Each core present is located on a processor semiconductor die. For each logic unit shown other than the core(s) 502 in the SoC package 500, the logic unit may be on the processor core(s) 502 semiconductor die in some embodiments or on another die in other embodiments. If a given logic unit is not on the same die as processor core(s) 502, that logic unit would be on a different semiconductor die, though in the same SoC package 500, which can include several dies
communicatively coupled with each other in the package.
[0050] The SoC 500 also includes at least one lower-level processor cache 506. This may be a general-purpose cache capable of storing a significant amount of data retrieved from volatile memory 518 and/or non-volatile memory 520. In some embodiments, processor cache 506 may be shared among all cores 502.
Alternatively, each core 502 may have its own dedicated processor cache 506.
[0051 ] Optionally, one or more graphics cores 504 are also included in SoC package 500 as well as a lower level graphics cache 508 which may store graphics- related data for the graphics core(s) 504 to work on. Graphics core(s) 504 may internally include one or more execution units and one or more instruction and data caches utilized to feed the execution units with information to process. Additionally the graphics core(s) 504 may contain other graphics logic units that are not shown in FIG. 5, such as one or more vertex processing units, rasterization units, media processing units, and codecs, among others. For simplicity, the specific logic within the graphics core(s) 504 is not shown. The graphics core and graphics cache may be involved in the authentication if images are involved in either the initial strong authentication of the user (e.g., pass-gestures or biometric scanning or imaging). Some embodiments, if not processing images during the authentication, may not need graphics capability unless it is necessary for some operation other than authentication. The graphics core(s) 504 provide image data to a protected device display. In some embodiments, the graphics core(s) 504 send data to a display controller 524, which in turn populates one or more displays 526 coupled to the system.
[0052] In FIG. 5, the SoC package 500 also includes a memory subsystem 512, including integrated volatile memory controller 514 providing access to volatile memory 518. Volatile memory controller 514 may receive a memory access request from a core and route that request to volatile memory 518. Likewise, non-volatile memory controller 516 may receive a memory access request from a core and route that request to non-volatile memory 520.
[0053] In some embodiments, an input/output (I/O) subsystem 530 is present in the system in FIG. 5 to communicate with I/O devices, such as I/O device(s) 534. The I/O subsystem 530 in FIG. 5 is integrated into the SoC package 500. Within the I/O subsystem 530, one or more I/O adapter(s) 532 are present to translate commands delivered in a host communication protocol from the processor core(s) 502 into compatible protocols for particular I/O devices. Some of the protocols may include Peripheral Component Interconnect (PCI)-Express (PCI-E), 3.0; Universal Serial Bus (USB), 3.0; Serial Advanced Technology Attachment (SATA), 3.0; Small Computer System Interface (SCSI), Ultra-640; and Institute of Electrical and Electronics Engineers (IEEE) 1594 "Firewire;" among others.
[0054] Additionally, one or more of the I/O adapters may translate to one or more wireless I/O protocols to communicate with wireless peripherals such as some embodiments of the wearable device. Some non-limiting examples of wireless protocols include those used in personal area networks, such as IEEE 802.15 and Bluetooth, 4.0; wireless local area network (LAN) protocols such as IEEE 802.1 1 and its derivatives; and cellular communication protocols such as those used in cellular telephony. [0055] At least one authentication component 528 is coupled to the SoC. The authentication component 528 may be a palm vein reader, a fingerprint reader, an iris reader, an input for a password or a pass-gesture, or one or more other components for authenticating multiple factors.
[0056] In some embodiments, one or more wireless transceivers 510 are located on, or coupled to, the SoC. In some embodiments, some or all of the wireless transceivers 510 are located outside the SoC 500. The wireless transceivers may transmit and receive cellular signals such as LTE and 3G, Bluetooth signals, NFC signals, WiFi signals, and/or one or more other wireless and/or cellular protocols.
[0057] The following use cases illustrate example cases. Understand that many other use cases are possible, and the operations of the different use cases can in some cases be performed in different orders and/or combined to realize these and other use cases.
[0058] Use Case 1 , passive wearable to device:
1 . User puts on wearable
2. Wearable generates proximity token
3. User authenticates to phone/PC
4. Phone/PC places authentication token(s) in wearable database
5. User attempts to unlock phone/PC
6. Phone/PC retrieves tokens from wearable
7. Phone/PC grants access to user [0059] Use Case 2, wearable loss of trust event:
1 . User puts on wearable
2. Wearable generates proximity token
3. User authenticates to phone/PC
4. Phone/PC places authentication token(s) in wearable database 5. User attempts to unlock phone/PC
6. Phone/PC retrieves tokens from wearable
7. Phone/PC grants access to user
8. User removes wearable
9. Wearable notifies phone/PC of loss of trust event
10. Phone/PC protects local session until reauthentication of user
[0060] Use Case 3, wearable distance bounding:
1 . User puts on wearable
2. Wearable generates proximity token
3. User authenticates to phone/PC
4. Phone/PC places authentication token(s) in wearable database
5. User attempts to unlock phone/PC
6. Phone/PC retrieves tokens from wearable
7. Phone/PC grants access to user
8. User moves wearable beyond policy-defined distance from phone/PC
9. Phone/PC protects local session
[0061 ] Use Case 4, active wearable to phone:
1 . User puts on wearable
2. Wearable generates authentication token and proximity token
3. User attempts to unlock phone/PC
4. Phone/PC retrieves tokens from wearable
5. Phone/PC grants access to user [0062] Use Case 5, phone to PC:
1 . User has phone with them
2. User authenticates to PC
3. PC places authentication token(s) in phone UAS database
4. User attempts to unlock PC
5. PC retrieves tokens from phone
6. PC grants access to user
[0063] Use Case 6, cloud login:
1 . User puts on wearable
2. Wearable generates proximity token
3. User authenticates to identify provider (IDP)
4. PC places IDP-generated authentication token(s) in wearable database
5. User attempts to access online resource
6. PC retrieves tokens from wearable
7. PC sends token information to cloud identity provider service
8. Identity provider service grants access to online resources
[0064] Use Case 7, wearable as key/badge replacement:
1 . User puts on wearable
2. Wearable generates authentication token and proximity token
3. User attempts to open door/car/lock
4. Access control device retrieves tokens from wearable
5. Access control device grants access to user [0065] Use Case 8, phone as intermediary:
1 . User puts on wearable
2. Wearable generates authentication token and proximity token
3. User attempts to open door/car/lock
4. Access control device retrieves tokens from wearable via phone
5. Access control device grants access to user
[0066] Referring now to FIG. 6, shown is a block diagram of a network architecture in accordance with an embodiment of the present invention. As shown in FIG. 6, architecture 600 includes multiple independent computing systems, namely a host endpoint 610 and a wearable endpoint 650 that couple via a channel 640, which in an embodiment may be a given short range wireless channel. Understand that these devices can take many different forms in different embodiments. As one non- limiting example, host endpoint 610 may be a computing device such as a client tablet computer, laptop computer, desktop computer or so forth, while wearable endpoint 650 may range from a relatively low complexity wearable device such as a pin, button or other very small form factor device to a larger device such as a smartphone or other portable computing device.
[0067] First with reference to host endpoint 610, various hardware is present. For purpose of broad illustration, a central processing unit (CPU) 612, a memory and one or more communication circuits 616 are shown. Of course in a particular host endpoint, many other hardware components and other circuitry may be present. In one embodiment, CPU 612 may be a multi-core processor or other system on chip (SoC). Memory 614 may include multiple independent memory and storage devices, including, for example, a dynamic random access memory (DRAM) and a nonvolatile memory such as a flash memory, a solid state drive, a hard drive or so forth. Communication circuits 616 may include multiple wired and wireless communication circuits including short-range wireless devices such as a Bluetooth™ low energy transceiver, a near field communication device, a wide area wireless communication device such as a 4G cellular transceiver and so forth. [0068] As further illustrated in FIG. 6, host endpoint 610 includes a user authentication service (UAS) 620 which may execute on CPU 612 and/or on a separate security device such as a secure element or logic, which may be within CPU 612 or implemented as a separate device. UAS 620 may perform the user- proximity based authentications described herein. To this end, UAS 620 may communicate with a policy engine 625, which also may be executed on the secure element, and which may determine whether to authenticate, not authenticate, de- authenticate and/or re-authenticate a user based on proximity to one or more devices (e.g., including user association with a wearable device and the wearable device being in close proximity to host endpoint 610).
[0069] As such, host endpoint 610 and wearable endpoint 650 may perform the authentications described herein when the devices are within a given short range wireless distance of each other, which may be determined based on received signal strength indicator (RSSI) distance bounding information.
[0070] Now with reference to wearable endpoint 650, the device includes various hardware, including a CPU 652, one or more proximity sensors 654, one or more communication circuits 656 and at least one storage 658. As described above, wearable endpoint 650 can take many different forms, in one embodiment it may be implemented as a single module, such as a small wearable button or so forth, including one or more semiconductor die. Further understand that while shown with the high level view in FIG. 6, a given wearable endpoint can include many other components.
[0071 ] Still referring to wearable endpoint 650, the device includes an on-body detect state machine 660, which in an embodiment may receive input from proximity sensors 654 and determine whether the wearable device is adapted to the user as described herein. In one embodiment, state machine 660 may execute on CPU 652, while in other cases the state machine may be an independent processing circuit. A UAS token database 665 is present and may be configured to store the various proximity and authentication tokens described herein, both generated in the wearable endpoint (for such devices capable of token generation) and received from a proximate computing system (such as a user's client system, or received from a remote authentication source). In an embodiment, database 665 may be stored in one or more of storages 658. In an embodiment, state machine 660 may cause one or more tokens to be deleted from database 665 responsive to detection that a user has removed or otherwise disassociated with the wearable endpoint.
[0072] As further illustrated, an instance of a user authentication service 670 may execute within wearable endpoint 650. In embodiments, this service can be executed on CPU 652 or a separate secure logic, either within the CPU or implemented as a separate device. Still further, a distance notification service 675 may execute within wearable endpoint 650. In an embodiment, service 675 may execute on CPU 652 and may be used to indicate when the wearable endpoint is within a threshold proximity (e.g., within a short-range wireless range, e.g., as determined by RSSI bounding information). Understand while shown at this high level in the embodiment of FIG. 6, many variations and alternatives are possible.
[0073] Referring now to FIG. 7, shown is a block diagram of a wearable module 700 in accordance with another embodiment. In one particular implementation, module 700 may be an Intel® Curie™ module that includes multiple components adapted within a single small module that can be implemented as all or part of a wearable device. As seen, module 700 includes a core 710 (of course in other embodiments more than one core may be present). Such core may be a relatively low complexity in-order core, such as based on an Intel Architecture® Quark™ design. Core 710 couples to various components including a sensor hub 720, which may be configured to interact with a plurality of sensors 780, such as one or more biometric, motion environmental or other sensors. A power delivery circuit 730 is present, along with a non-volatile storage 740. In an embodiment, this circuit may include a rechargeable battery and a recharging circuit, which may in one
embodiment receive charging power wirelessly. One or more input/output (IO) interfaces 750, such as one or more interfaces compatible with one or more of USB/SPI/l2C/GPIO protocols, may be present. In addition, a wireless transceiver 790, which may be a Bluetooth™ low energy or other short-range wireless transceiver is present to enable wireless communications as described herein. Understand that in different implementations a wearable module can take many other forms.
[0074] FIG. 8 illustrates another system 800 which may be a smartphone, wearable device or so forth to perform proximity-based authentications as described herein. As seen, system 800 includes a communications/applications processor 810, which may be a main processor of the system and which in turn may wirelessly
communicate, e.g., according to at least a cellular communication protocol, via an antenna 812. Processor 810 further couples to a secure element 815 which in an embodiment can be implemented as a separate component, such as a hardened microcontroller unit or other circuit, and which may independently communicate via another antenna 817, in an embodiment. Secure element 815 may perform user proximity-based authentications. As seen, additional components of system 800 include a non-volatile memory 820, which may be used to store a database of tokens, as well as an authentication policy. One or more proximity sensors 825 may be configured to indicate proximity of a user. In addition, user adaptation can also be identified based at least in part on one or more body sensors 830, such as a heart rate sensor. In addition, system 800 includes one or more accelerometers 840, such as a multi-axis accelerator. In an embodiment, system 800 may be a rechargeable battery-powered device and thus a power delivery network 850 may include one or more voltage regulators, battery charger and so forth to receive power from a battery, as well as to provide a recharging current from an external connection, such as a wireless or USB connection to the battery. Understand while shown at this high level in the embodiment of FIG. 8, many variations and alternatives are possible.
[0075] Referring now to FIG. 9, shown is a flow diagram of a method in accordance with an embodiment. In the embodiment of FIG. 9, various operations enable a proximity-based authentication to occur between a wearable device and another computing device. Method 900 begins by generating a proximity token responsive to user adaptation of the wearable device (block 910). In some cases, the wearable device itself may generate this proximity token, e.g., with a timestamp, and store it in a database of the wearable device. In a wearable device having insufficient computing capacity, this token may be received from another system. Thereafter, at block 920 a user authentication protocol is performed between the wearable device and a second computing device. As one example, this second computing device may be a work desktop computer of a user and to which the user has separately performed one or more factors of an authentication protocol.
[0076] Still with reference to FIG. 9, at block 930 the wearable device may receive an authentication token and store it in the database. This authentication token may be received from the second computing device and may include, for example, another timestamp associated with the time at which the user authenticated to the second computing device.
[0077] At this point, the wearable device may monitor for continued user presence. During such time it may be determined whether the user has attempted to access the second computing device (diamond 950). If so, both tokens (the authentication token and the proximity token) may be sent from the wearable device to the second computing device (block 960). In an embodiment, this communication may be responsive to a user authentication request received in the wearable device from the second computing device. Optionally, at block 970 the wearable device may receive an indication of authentication of the user to the second computing device. Next, at diamond 980 it is determined whether the user presence is maintained (such as whether the user has continued to associate with the wearable device). If not, control passes to block 990 where the tokens can be deleted from the database of the wearable device to prevent continued/further authentication of the user. As such, the wearable device may send a loss of trust event to the second computing device. Understand that depending on a given security policy, the second computing device may de-authenticate the user and similarly remove tokens. Or in other cases, the second computing device may simply prevent further protected session access until the user again returns in close proximity to the second computing device. In some cases, the security policy may further require the user again to adapt the wearable device before authenticating (or re-authenticating) to the second computing device. Understand while shown at this high level in the illustration of FIG. 9, many variations and alternatives are possible. [0078] The following Examples pertain to further embodiments.
[0079] In Example 1 , a first device comprises: a first logic to generate a first token when a user adapts the first device in approximate contact to the user, the first token including a first timestamp; a storage to store the first token and a second token, the second token obtained from an authenticator and associated with an authentication of the user to a second device, the second token including a second timestamp; and a communication module to communicate the first token and the second token to the second device to cause the second device to authenticate the user based on the first and second tokens.
[0080] In Example 2, the first device of Example 1 further comprises a controller to remove at least the first token when the first user is no longer in the approximate contact to the first device.
[0081 ] In Example 3, the first device of one or more of the above Examples further comprises a sensor to detect when the user is in the approximate contact to the first device.
[0082] In Example 4, the first token includes a plurality of fields including a first field to store the first timestamp and a second field to store a location identifier, the location identifier corresponding to a location at which the user adapted the first device in approximate contact to the user.
[0083] In Example 5, the second token includes a plurality of fields including a first field to store the second timestamp and a second field to store a location identifier associated with a location at which the user authenticated to the second device.
[0084] In Example 6, the second token further includes a third field to store an authentication factor indicator to indicate an authentication factor associated with the second token and a fourth field to store an authentication confidence indicator to indicate a level of authentication confidence associated with the authentication of the user by the authentication factor.
[0085] In Example 7, the storage of one or more of the above Examples is to store a third token, where the second token is associated with a first factor of the user authentication to the second device and the third token is associated with a second factor of the user authentication to the second device.
[0086] In Example 8, the authenticator comprises a remote authentication service.
[0087] In Example 9, the first device comprises a wearable module including at least one core, a power delivery circuit, at least one sensor, and where the
communication module comprises a short-range wireless transceiver.
[0088] In Example 10, a method comprises: generating a second token having a second timestamp, responsive to authentication of a user to the computing system at a first time; sending the second token to a wearable device associated with the user to enable storage of the second token in the wearable device; receiving a first token and the second token from the wearable device and determining whether to authenticate the user to the computing system at a second time according to a security policy; and if the user is authenticated at the second time, granting access to a protected session within the computing system.
[0089] In Example 1 1 , the method further comprises authenticating the user to the computing system at the first time according to a multi-factor authentication.
[0090] In Example 12, the method further comprises generating the second token responsive to a first authentication factor of the multi-factor authentication and storing an authentication indicator in a first field of the second token to indicate an authentication factor associated with the first authentication factor.
[0091 ] In Example 13, the method further comprises generating the second token further responsive to a second authentication factor of the multi-factor authentication and storing an authentication indicator in a second field of the second token to indicate an authentication factor associated with the second authentication factor.
[0092] In Example 14, the method further comprises sending the first token and the second token to a remote authentication server, and providing a grant indication received from the remote authentication server to the wearable device when the user is authenticated at the second time. [0093] In Example 15, the remote authentication server is to enable the user to access a second computing system when the wearable device is adapted in close proximity to the user, based at least in part on the first token and the second token.
[0094] In Example 16, the method further comprises preventing continued access to the protected session responsive to receipt of a loss of trust indication from the wearable device.
[0095] In Example 17, the method further comprises sending the first token from the computing system to a second computing system to enable the second computing system to automatically authenticate the user when the wearable device is adapted in close proximity to the user and the wearable device is within a threshold proximity of the second computing system.
[0096] In another example, a computer readable medium including instructions is to perform the method of any of the above Examples.
[0097] In another example, a computer readable medium including data is to be used by at least one machine to fabricate at least one integrated circuit to perform the method of any one of the above Examples.
[0098] In another example, an apparatus comprises means for performing the method of any one of the above Examples.
[0099] In Example 18, a system comprises: a first processor to execute one or more applications, including a cellular telephone application; and a second processor comprising a secure logic to generate and store a first token in a non-volatile storage when a user is authenticated to the system and send the first token to a second device when the second device is adapted in approximate contact to the user and is in close proximity to the system, where the secure logic is to remove at least the first token from the non-volatile storage responsive to disassociation of the user from the second device.
[0100] In Example 19, the secure logic is to remove at least the first token responsive to a loss of trust assertion from the second device, the second device comprising a logic to determine the user disassociation based on which the loss of trust assertion is generated.
[0101 ] In Example 20, the secure logic is to communicate at least the first token to a second computing system to enable the second computing system to automatically authenticate the user when the second device is adapted in the approximate contact to the user and the second device is within a threshold proximity of the second computing system.
[0102] In Example 21 , an apparatus comprises: means for generating a first token when a user adapts the apparatus in approximate contact to the user, the first token including a first timestamp; means for storing the first token and a second token, the second token obtained from an authenticator and associated with an authentication of the user to a second device, the second token including a second timestamp; and means for communicating the first token and the second token to the second device to cause the second device to authenticate the user based on the first and second tokens.
[0103] In Example 22, the apparatus further comprises a control means for removing at least the first token when the first user is no longer in the approximate contact to the apparatus.
[0104] In Example 23, the apparatus further comprises sensor means for detecting when the user is in the approximate contact to the apparatus.
[0105] In Example 24, the first token includes a plurality of fields including a first field to store the first timestamp and a second field to store a location identifier, the location identifier corresponding to a location at which the user adapted the apparatus in approximate contact to the user.
[0106] Understand that various combinations of the above examples are possible.
[0107] Embodiments may be used in many different types of systems. For example, in one embodiment a communication device can be arranged to perform the various methods and techniques described herein. Of course, the scope of the present invention is not limited to a communication device, and instead other embodiments can be directed to other types of apparatus for processing instructions, or one or more machine readable media including instructions that in response to being executed on a computing device, cause the device to carry out one or more of the methods and techniques described herein.
[0108] Embodiments may be implemented in code and may be stored on a non- transitory storage medium having stored thereon instructions which can be used to program a system to perform the instructions. Embodiments also may be
implemented in data and may be stored on a non-transitory storage medium, which if used by at least one machine, causes the at least one machine to fabricate at least one integrated circuit to perform one or more operations. The storage medium may include, but is not limited to, any type of disk including floppy disks, optical disks, solid state drives (SSDs), compact disk read-only memories (CD-ROMs), compact disk rewritables (CD-RWs), and magneto-optical disks, semiconductor devices such as read-only memories (ROMs), random access memories (RAMs) such as dynamic random access memories (DRAMs), static random access memories (SRAMs), erasable programmable read-only memories (EPROMs), flash memories, electrically erasable programmable read-only memories (EEPROMs), magnetic or optical cards, or any other type of media suitable for storing electronic instructions.
[0109] While the present invention has been described with respect to a limited number of embodiments, those skilled in the art will appreciate numerous
modifications and variations therefrom. It is intended that the appended claims cover all such modifications and variations as fall within the true spirit and scope of this present invention.

Claims

What is claimed is: 1 . A first device comprising:
a first logic to generate a first token when a user adapts the first device in approximate contact to the user, the first token including a first timestamp;
a storage to store the first token and a second token, the second token obtained from an authenticator and associated with an authentication of the user to a second device, the second token including a second timestamp; and
a communication module to communicate the first token and the second token to the second device to cause the second device to authenticate the user based on the first and second tokens.
2. The first device of claim 1 , further comprising a controller to remove at least the first token when the first user is no longer in the approximate contact to the first device.
3. The first device of claim 2, further comprising a sensor to detect when the user is in the approximate contact to the first device.
4. The first device of claim 1 , wherein the first token includes a plurality of fields including a first field to store the first timestamp and a second field to store a location identifier, the location identifier corresponding to a location at which the user adapted the first device in approximate contact to the user.
5. The first device of claim 4, wherein the second token includes a plurality of fields including a first field to store the second timestamp and a second field to store a location identifier associated with a location at which the user authenticated to the second device.
6. The first device of claim 5, wherein the second token further includes a third field to store an authentication factor indicator to indicate an authentication factor associated with the second token and a fourth field to store an authentication confidence indicator to indicate a level of authentication confidence associated with the authentication of the user by the authentication factor.
7. The first device of claim 1 , wherein the storage is to store a third token, wherein the second token is associated with a first factor of the user authentication to the second device and the third token is associated with a second factor of the user authentication to the second device.
8. The first device of claim 1 , wherein the authenticator comprises a remote authentication service.
9. The first device of claim 1 , wherein the first device comprises a wearable module including at least one core, a power delivery circuit, at least one sensor, and wherein the communication module comprises a short-range wireless transceiver.
10. A method comprising:
generating a second token having a second timestamp, responsive to authentication of a user to the computing system at a first time;
sending the second token to a wearable device associated with the user to enable storage of the second token in the wearable device;
receiving a first token and the second token from the wearable device and determining whether to authenticate the user to the computing system at a second time according to a security policy; and
if the user is authenticated at the second time, granting access to a protected session within the computing system.
1 1 . The method of claim 10, further comprising authenticating the user to the computing system at the first time according to a multi-factor authentication.
12. The method of claim 1 1 , further comprising generating the second token responsive to a first authentication factor of the multi-factor authentication and storing an authentication indicator in a first field of the second token to indicate an authentication factor associated with the first authentication factor.
13. The method claim 12, further comprising generating the second token further responsive to a second authentication factor of the multi-factor authentication and storing an authentication indicator in a second field of the second token to indicate an authentication factor associated with the second authentication factor.
14. The method of claim 10, further comprising sending the first token and the second token to a remote authentication server, and providing a grant indication received from the remote authentication server to the wearable device when the user is authenticated at the second time.
15. The method of claim 14, wherein the remote authentication server is to enable the user to access a second computing system when the wearable device is adapted in close proximity to the user, based at least in part on the first token and the second token.
16. The method of claim 10, further comprising preventing continued access to the protected session responsive to receipt of a loss of trust indication from the wearable device.
17. The method of claim 10, further comprising sending the first token from the computing system to a second computing system to enable the second computing system to automatically authenticate the user when the wearable device is adapted in close proximity to the user and the wearable device is within a threshold proximity of the second computing system.
18. A machine-readable storage medium including machine-readable instructions, when executed, to implement a method as claimed in any one of claims 10 to 17.
19. A system comprising:
a first processor to execute one or more applications, including a cellular telephone application; and
a second processor comprising a secure logic to generate and store a first token in a non-volatile storage when a user is authenticated to the system and send the first token to a second device when the second device is adapted in approximate contact to the user and is in close proximity to the system, wherein the secure logic is to remove at least the first token from the non-volatile storage responsive to disassociation of the user from the second device.
20. The system of claim 19, wherein the secure logic is to remove at least the first token responsive to a loss of trust assertion from the second device, the second device comprising a logic to determine the user disassociation based on which the loss of trust assertion is generated.
21 . The system of claim 19, wherein the secure logic is to communicate at least the first token to a second computing system to enable the second computing system to automatically authenticate the user when the second device is adapted in the approximate contact to the user and the second device is within a threshold proximity of the second computing system.
22. An apparatus comprising:
means for generating a first token when a user adapts the apparatus in approximate contact to the user, the first token including a first timestamp;
means for storing the first token and a second token, the second token obtained from an authenticator and associated with an authentication of the user to a second device, the second token including a second timestamp; and
means for communicating the first token and the second token to the second device to cause the second device to authenticate the user based on the first and second tokens.
23. The apparatus of claim 22, further comprising a control means for removing at least the first token when the first user is no longer in the approximate contact to the apparatus.
24. The apparatus of claim 23, further comprising sensor means for detecting when the user is in the approximate contact to the apparatus.
25. The apparatus of claim 22, wherein the first token includes a plurality of fields including a first field to store the first timestamp and a second field to store a location identifier, the location identifier corresponding to a location at which the user adapted the apparatus in approximate contact to the user.
PCT/US2016/020615 2015-04-14 2016-03-03 Performing user seamless authentications WO2016167895A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP16780420.2A EP3283997A4 (en) 2015-04-14 2016-03-03 Performing user seamless authentications
CN201680015830.9A CN107408167A (en) 2015-04-14 2016-03-03 Perform the seamless certification of user

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201562147080P 2015-04-14 2015-04-14
US62/147,080 2015-04-14
US14/859,611 2015-09-21
US14/859,611 US20160306955A1 (en) 2015-04-14 2015-09-21 Performing user seamless authentications

Publications (1)

Publication Number Publication Date
WO2016167895A1 true WO2016167895A1 (en) 2016-10-20

Family

ID=57126943

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2016/020615 WO2016167895A1 (en) 2015-04-14 2016-03-03 Performing user seamless authentications

Country Status (4)

Country Link
US (1) US20160306955A1 (en)
EP (1) EP3283997A4 (en)
CN (1) CN107408167A (en)
WO (1) WO2016167895A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3289789B1 (en) 2015-05-01 2020-06-24 Assa Abloy AB Wearable discovery for authentication

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9942222B1 (en) * 2014-09-02 2018-04-10 Amazon Technologies, Inc. Authentication with wearable device
CN105224848B (en) * 2015-10-15 2019-06-21 京东方科技集团股份有限公司 A kind of equipment authentication method, apparatus and system
US10039145B2 (en) * 2015-11-19 2018-07-31 Nike, Inc. System, apparatus, and method for received signal strength indicator (RSSI) based authentication
US10530768B2 (en) * 2016-04-19 2020-01-07 Microsoft Technology Licensing, Llc Two-factor authentication
US11601806B2 (en) * 2016-09-28 2023-03-07 Sony Corporation Device, computer program and method
US10749863B2 (en) 2017-02-22 2020-08-18 Intel Corporation System, apparatus and method for providing contextual data in a biometric authentication system
WO2018176020A1 (en) * 2017-03-24 2018-09-27 Icrypto, Inc System and method for confirming a person's identity
US20180317085A1 (en) * 2017-05-01 2018-11-01 Avaya Inc. Device authentication
KR102413638B1 (en) * 2017-05-30 2022-06-27 삼성에스디에스 주식회사 System and method for authentication service
US20190044942A1 (en) * 2017-08-01 2019-02-07 Twosense, Inc. Deep Learning for Behavior-Based, Invisible Multi-Factor Authentication
KR101981942B1 (en) * 2017-08-30 2019-05-24 (주)와이브레인 Method of configuring usage authorization of brain stimulation and device implementing thereof
US10970996B1 (en) * 2018-07-23 2021-04-06 2320 Solutions, Llc System for automatically opening a lid to a grain bin
BR102018016532A2 (en) * 2018-08-13 2020-03-10 Marcelo Goulart Tozatto SYSTEM AND METHOD OF MONITORING AND MANAGEMENT OF INTERACTIONS BETWEEN LIVING AND / OR INANIMATED ENTITIES
US11523276B2 (en) * 2019-06-28 2022-12-06 Bank Of America Corporation Utilizing a high generation cellular network to authorize an event
US11546334B2 (en) * 2019-07-29 2023-01-03 Citrix Systems, Inc. Client device configuration for remote digital workspace access
WO2021034299A1 (en) * 2019-08-16 2021-02-25 Google Llc User movement detection for verifying trust between computing devices
US11172354B2 (en) * 2019-12-13 2021-11-09 Google Llc Updating settings of a wireless device by exchanging authentication and configuration information via an inductive coupling link
WO2021232347A1 (en) * 2020-05-21 2021-11-25 Citrix Systems, Inc. Cross device single sign-on
US11803626B2 (en) * 2021-06-08 2023-10-31 Mewt LLC Wireless kill switch

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040256452A1 (en) * 2003-06-19 2004-12-23 Coughlin Michael E. RFID tag and method of user verification
US20110214158A1 (en) * 2010-02-26 2011-09-01 Research In Motion Limited Wireless communications system providing mobile device authentication bypass based upon user-wearable security device and related methods
US20130010962A1 (en) * 2003-09-30 2013-01-10 Broadcom Corporation Proximity Authentication System
WO2014126987A1 (en) * 2013-02-14 2014-08-21 Google Inc. Authentication to a first device using a second device
US20150070134A1 (en) * 2013-09-10 2015-03-12 Intel Corporation Authentication system using wearable device

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7219154B2 (en) * 2002-12-31 2007-05-15 International Business Machines Corporation Method and system for consolidated sign-off in a heterogeneous federated environment
US7340525B1 (en) * 2003-01-24 2008-03-04 Oracle International Corporation Method and apparatus for single sign-on in a wireless environment
US7711647B2 (en) * 2004-06-10 2010-05-04 Akamai Technologies, Inc. Digital rights management in a distributed network
US20060021018A1 (en) * 2004-07-21 2006-01-26 International Business Machines Corporation Method and system for enabling trust infrastructure support for federated user lifecycle management
US7631346B2 (en) * 2005-04-01 2009-12-08 International Business Machines Corporation Method and system for a runtime user account creation operation within a single-sign-on process in a federated computing environment
US8171531B2 (en) * 2005-11-16 2012-05-01 Broadcom Corporation Universal authentication token
WO2007060016A2 (en) * 2005-11-28 2007-05-31 Koninklijke Kpn N.V. Self provisioning token
US20070154016A1 (en) * 2006-01-05 2007-07-05 Nakhjiri Madjid F Token-based distributed generation of security keying material
US8151116B2 (en) * 2006-06-09 2012-04-03 Brigham Young University Multi-channel user authentication apparatus system and method
WO2009007148A1 (en) * 2007-07-10 2009-01-15 International Business Machines Corporation System and method of controlling access to services
EP2524471B1 (en) * 2010-01-12 2015-03-11 Visa International Service Association Anytime validation for verification tokens
JP2012008756A (en) * 2010-06-24 2012-01-12 Sony Corp Information processing device, information processing method and program
CN202475452U (en) * 2011-12-30 2012-10-03 深圳市文鼎创数据科技有限公司 Dynamic token provided with optical communication unit
US10165440B2 (en) * 2012-01-17 2018-12-25 Entrust, Inc. Method and apparatus for remote portable wireless device authentication
US8995960B2 (en) * 2012-02-10 2015-03-31 Dedo Interactive, Inc. Mobile device authentication
US8819445B2 (en) * 2012-04-09 2014-08-26 Mcafee, Inc. Wireless token authentication
US8856887B2 (en) * 2012-07-09 2014-10-07 Ping Identity Corporation Methods and apparatus for delegated authentication token retrieval
US20140279528A1 (en) * 2013-03-15 2014-09-18 Motorola Mobility Llc Wearable Authentication Device
CN104182670B (en) * 2013-05-21 2017-12-22 百度在线网络技术(北京)有限公司 The method and Wearable being authenticated by Wearable
CN103310142B (en) * 2013-05-22 2015-10-07 复旦大学 Based on the human-computer fusion safety certifying method of wearable device
CN104346548A (en) * 2013-08-01 2015-02-11 华为技术有限公司 Wearable equipment and authentication method thereof
CN103428001B (en) * 2013-09-05 2016-08-17 中国科学院信息工程研究所 A kind of implicit expression strengthens convenient WEB identity authentication method
US9558336B2 (en) * 2013-10-04 2017-01-31 Salutron Inc. Persistent authentication using sensors of a user-wearable device
US20150228135A1 (en) * 2014-02-12 2015-08-13 Viking Access Systems, Llc Movable barrier operator configured for remote actuation
US9826400B2 (en) * 2014-04-04 2017-11-21 Qualcomm Incorporated Method and apparatus that facilitates a wearable identity manager
CN104125072A (en) * 2014-08-05 2014-10-29 上海众人科技有限公司 Method and system for non-contact dynamic password authentication
CN104407708B (en) * 2014-12-08 2018-04-10 东莞宇龙通信科技有限公司 Notify reminding method, notice suggestion device, terminal and notice prompt system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040256452A1 (en) * 2003-06-19 2004-12-23 Coughlin Michael E. RFID tag and method of user verification
US20130010962A1 (en) * 2003-09-30 2013-01-10 Broadcom Corporation Proximity Authentication System
US20110214158A1 (en) * 2010-02-26 2011-09-01 Research In Motion Limited Wireless communications system providing mobile device authentication bypass based upon user-wearable security device and related methods
WO2014126987A1 (en) * 2013-02-14 2014-08-21 Google Inc. Authentication to a first device using a second device
US20150070134A1 (en) * 2013-09-10 2015-03-12 Intel Corporation Authentication system using wearable device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3283997A4 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3289789B1 (en) 2015-05-01 2020-06-24 Assa Abloy AB Wearable discovery for authentication
US11087572B2 (en) 2015-05-01 2021-08-10 Assa Abloy Ab Continuous authentication
US11468720B2 (en) 2015-05-01 2022-10-11 Assa Abloy Ab Wearable misplacement

Also Published As

Publication number Publication date
EP3283997A1 (en) 2018-02-21
US20160306955A1 (en) 2016-10-20
CN107408167A (en) 2017-11-28
EP3283997A4 (en) 2018-12-12

Similar Documents

Publication Publication Date Title
US20160306955A1 (en) Performing user seamless authentications
US10154461B2 (en) Wireless networking-enabled personal identification system
US10009327B2 (en) Technologies for secure storage and use of biometric authentication information
TWI602048B (en) User authentication device
KR101833965B1 (en) Distributing biometric authentication between devices in an ad hoc network
US9898880B2 (en) Authentication system using wearable device
EP3014507B1 (en) Continuous multi-factor authentication
CN110741370A (en) Biometric authentication using user input
US8656455B1 (en) Managing data loss prevention policies
JP6708958B2 (en) Information processing terminal, information processing system, program, and control method
CN107113611B (en) User authentication confidence based on multiple devices
US11044611B2 (en) Authentication for device access
US11463449B2 (en) Authentication for key access
US20210385653A1 (en) Cryptographic process for portable devices, and user presence and/or access authorization system and method employing same
US20160088474A1 (en) Performing Pairing And Authentication Using Motion Information
US11562054B2 (en) Authorized gesture control methods and apparatus
US11539706B2 (en) Authorized off-line access methods and apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16780420

Country of ref document: EP

Kind code of ref document: A1

REEP Request for entry into the european phase

Ref document number: 2016780420

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE