WO2018106836A1 - Access control mechanisms based on computing behaviour - Google Patents

Access control mechanisms based on computing behaviour

Info

Publication number
WO2018106836A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
temporal sequence
computing device
parameter values
data
Prior art date
Application number
PCT/US2017/064961
Other languages
English (en)
Inventor
Shamim A. Naqvi
Robert Frank RAUCCI
Original Assignee
Sensoriant, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sensoriant, Inc.
Publication of WO2018106836A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Definitions

  • a method of authorizing a user to access a resource over a communication network is provided.
  • a temporal sequence of operational data of parameter values for one or more parameters monitored by a computing device associated with the user is received over a communication network from the computing device.
  • the temporal sequence of operational data is compared to a temporal sequence of previously received training data of parameter values previously monitored by the communication device for the one or more parameters.
  • the computing device is allowed access to the resource if the temporal sequence of previously received training data matches the temporal sequence of operational data to within a specified confidence level.
  • a method of gaining access to a resource over a communication network includes: (i) obtaining, with a computing device associated with a user, a temporal sequence of training parameter values for one or more parameters being monitored by the computing device; (ii) sending the training parameter values over a communication network from the computing device to an access control mechanism associated with the resource; (iii) subsequent to (i), obtaining, with the computing device, a temporal sequence of operating parameter values for the one or more parameters being monitored by the computing device; (iv) sending the operating parameter values over the communication network from the computing device to the access control mechanism; and (v) receiving from the access control mechanism over the communication network access to the resource if the temporal sequence of training parameter values matches the temporal sequence of operational parameter values to within a specified confidence level.
  • FIG. 1A illustrates one example of a process that may be employed to allow user access to a database or other resource.
  • FIG. 1B illustrates one example of an Environment Sensory Dataset that may be obtained by monitoring service logic in a user computing device.
  • FIG. 2 illustrates an exemplary finite state machine or profile.
  • FIG. 3A illustrates an exemplary relational database table.
  • FIG. 3B is a flowchart illustrating one example of a method for deriving device profiles or finite state machine representations of environmental sensory datasets.
  • FIG. 4 is a flowchart illustrating one example of a method by which a user replaces a lost computing device that incorporated monitoring service logic and associated data to gain access to one or more resources.
  • FIG. 5 illustrates one example of a task list of tasks that a user of a lost computing device may be asked to perform on a replacement computing device.
  • FIG. 6 illustrates multiple user computing devices that may be associated with a single user.
  • FIG. 7 shows an example architecture for a device such as the user computing device or the access control mechanism that executes the supervisory program that provides a user access to a database or other online resource.
  • Authentication mechanisms comprise the fundamental components of database systems since unauthorized access may lead to loss of data, privacy of users, user data, corporate data, etc. Such losses of data are often referred to in the literature as data breaches. Authentication technologies and mechanisms contribute in large measure to consumer and commercial trust in database technology. Authentication mechanisms are also used by consumers to gain access to many computer systems and websites. Once granted access, a consumer may then be authorized to access different kinds of data and resources. A malicious entity gaining access to a computer system or a website may thus cause damage by corrupting data, sending false messages, planting code that allows future unauthorized accesses (i.e., Trojan horses), etc. Unauthorized access may ultimately be parlayed by malicious entities into a large number of users losing their personal and business data.
  • the present invention presents methods for improving access control mechanisms of database technology by minimizing the probability by which username/password combinations may be guessed or computed by malicious entities.
  • a hallmark of the present invention is that it may be used to control access to database systems and other computing resources even when enormously powerful computers become commercially available, e.g., von Neumann machines fabricated using a 10 nm class of technology or even quantum computers, that may calculate quadrillions of combinations in an exceedingly small amount of time, e.g., by exploiting (quantum) parallelism.
  • Such computers may be capable of breaking access control mechanisms that are based on combinations of characters.
  • a database system may employ both the mechanism of the present invention and a conventional username/password (or other) mechanism.
  • the term authentication refers to establishment of a user's identity. For example, in online environments, touch surfaces are being introduced to read the fingerprints of users to establish authentication. Retina scans have been discussed in prior art. Facial images are being interpreted to recognize consumers and allow or disallow access.
  • authorization usually defines services that people can access or that may be made available to them. For example, in some countries, purchase of certain items is dependent on the customer's proof of age. In the US, it is possible to purchase tobacco products or gain admittance to nightclubs based on proof of age. Thus, once a consumer has been authenticated, he may be allowed access to tobacco or other resources.
  • a more recent innovation in online credentials is the method of private and public key mechanisms (also sometimes referred to as private and public addresses).
  • users generate a pair of keys.
  • a key is a bit string whose length is commonly expressed in bits, e.g., 256 bits.
  • hexadecimal (base-16) digits are used to express the length of a string, where one hexadecimal digit represents 4 bits.
  • the hexadecimal digits are [0-9, A-F].
  • a private or public key is a sequence of binary digits with a pre-determined length, e.g., 64 hexadecimal digits (256 bits).
  • the keys are generated by well-known processes.
  • a crucial property of the private/public mechanisms is that users are required to safeguard the private key since any user with a private key is assumed to be
  • a third authentication mechanism is that of fingerprint recognition using touch surfaces such as provided by modern mobile phone displays.
  • the main problem with this technology is the public's concern with invasion of privacy and sharing of fingerprints by the controlling service provider with unauthorized entities and agencies. Therefore, users prefer that their fingerprint data be kept on their local device and not be uploaded to servers. If a user loses his personal device, he is then required to acquire a new device, reestablish his credentials with the service provider using one of the two methods described above (username/password combination or private key) and then re-establish his fingerprint identity on the local device.
  • fingerprint authentication reduces to username/password authentication in the case of loss of device.
  • as modern users have multiple, and an increasing number of, smart devices, the concomitant problems of username/password based mechanisms are expected to multiply.
  • user computing device denotes devices with one or more processors, wireless and/or wireline communication capabilities and interfaces, and input/output interfaces (e.g., touch surfaces).
  • one or more sensor devices may be contained in or associated with a user computing device, e.g., temperature, location, motion and imaging sensors, etc. Examples of such devices without limitation are smart phones, personal digital assistants, tablet computers, desktop computers, laptops, smart glasses, smart watch, etc. We assume that users referred to herein have one or more user computing devices.
  • User computing devices may be responsive to user issued commands.
  • a user may also cause user computing devices to be under programmatic control and exhibit "standalone" behavior, i.e., the user may issue a programmatic policy that controls one or more actions undertaken by the device over a period.
  • Certain classes of user computing devices may also exhibit semi-autonomous behavior in the sense that they may respond to external stimuli, e.g., received via one or more sensor devices associated with the device, without apparent intervention by the user.
  • a user computing device may inject one or more computer programs into a database or computer system wherein the injected program(s) may run over a period and exhibit apparent autonomous behavior.
  • a method of the present invention is based in part on sensory data obtained from a user's smart devices, sensors associated with the user's smart devices, other smart devices near the user, networks (wired and/or wireless) in communication with the user's device, application programs used by the user, and so on.
  • Data from physical or software-based sensors within or proximate to smart devices may be received, processed and collected by user devices or sent to servers in network connection with the smart devices.
  • the work location of a user may support a Wi-Fi network.
  • his smart device may connect with the Wi-Fi network, receive data from the Wi-Fi router, record said data or send it to a server connected to said smart device.
  • when a user is at home, his smart phone may connect to his home Wi-Fi network, which may generate a different data set.
  • when the user is in his car, his smart device may establish a Bluetooth connection with the music system of his car, thus generating other recordable data.
  • the present invention envisions a monitoring program embedded in a user computing device collecting environmental sensory datasets that are then, in turn, used to obtain and store one or more device profiles over a pre-determined time, say 1 week. Next, we may collect an environmental sensory dataset, say daily, and obtain a daily device profile from it. An authentication mechanism may then "match" the weekly device profiles with a "daily” device profile and allow or disallow a user from accessing one or more resources.
  • the device profile as described represents an encapsulation of the user's computational behavior over a period. Authentication mechanisms based on such user behaviors thus do not rely on username/password combinations and are not susceptible to malicious attacks based on "computing or guessing" username/password combinations. It should be further noted that although the methods described herein, based on user behavior patterns, generally may be assumed to be sufficient to authenticate the user, in some cases it will only be necessary to use these behavior patterns to authorize a user to gain access to a resource, without also assuming that the user has in fact been authenticated.
  • the amount of user behavior that needs to be examined and the degree to which it is required to match training data may differ depending on whether, for instance, only authorization is to be provided or both authentication and authorization are to be provided. For example, authentication and authorization may require more stringent criteria than authorization alone.
  • Profiles based on the computational behavior of a user may be circumvented by "mimicking" the user's computational behavior over a given period of time. We believe such mimicking activity to be mostly impractical. For example, it may require a malicious agent to gain physical access for several hours to a user's office or home, to the user's Wi-Fi networks, to the user's smart car, etc.
  • a database system uses the methods described herein as an authentication mechanism for controlling user access by constructing a supervisory program running in the database system.
  • the supervisory program uses the methods described herein to allow or disallow access to the database system.
  • Users wishing to access the database system are required to possess one or more user computing devices that are provisioned by the supervisory program with a monitoring service logic, i.e., a computer program, to collect environmental and sensory data into a dataset.
  • a user may utilize the fingerprint mechanism of his device to authenticate himself to his device that may then acquire, e.g., download, the monitoring service logic.
  • the supervisory program may now trigger the monitoring service logic to begin a so-called “training phase” during which the logic collects environmental sensory data from the user computing device. Having collected the dataset, the monitoring service logic communicates it to the supervisory program that, in turn, obtains one or more profiles of the user device for the received dataset. These profiles, called “training profiles”, will be used by the supervisory program as an authentication mechanism.
  • Having derived the training profiles, the supervisory program triggers the monitoring service logic to enter an "operational phase" in which an "operational" environmental sensory dataset is collected by the logic.
  • When the user wishes to access the database system, the supervisory program requests the monitoring service logic to provide it the "operational" dataset, from which the supervisory program obtains one or more operational profiles.
  • the latter are
  • FIG. 1A summarizes the above general approach of the inventions described herein.
  • a function of the monitoring service logic during the training phase is to record various parameter values concerning the user's environment and actions at a periodic rate. These values may be recorded in a dataset and communicated to the supervisory program. In some embodiments, the supervisory program or the monitoring logic may represent the dataset in multiple ways.
  • One way to organize the environmental sensory dataset is as a tabular data structure (see, e.g., FIG. 1B).
  • the recording function of the monitoring logic records values of the computational environment of the user device and the values so obtained are arranged in rows (data records) of the tabular data structure.
  • FIG. 1B shows exemplary data records that may be obtained by the monitoring service logic during the training phase. Note that operations that construct such tabular structures are known in prior art and may be programmed by people with ordinary skill. In some embodiments, the periodicity of the recording operation of the monitoring service logic may be adjusted or altered randomly or by system policy.
  • the rows of FIG. 1B represent "snapshots in time" of the user's computational environment.
  • the first row of the table may be interpreted as follows.
  • the user is connected to the cellular network "cell-1" having launched application "DB1".
  • the user computing device has 5 "user” processes (as opposed to “system” processes). (Note that the latter information is typically available to computer programs by making a system call to the operating system of the user computing device.)
  • the "write” process has taken the maximum amount of time from all user processes, the maximum value being 50 units of time.
  • the DHCP (Dynamic Host Configuration Protocol) parameters column shows the IP address being "IP1". (Other DHCP parameters are not shown.)
  • the second row (Time Instant T2) may be interpreted as being similar to row 1, the differences being that at time instant T2 the number of user processes is 7 and the process that has taken the most time is "read" with value 70 units.
  • the third row (Time Instant T3) of the table shows the user device being connected to a Wi-Fi network named "abc" that has another device "iPhone123" connected to it also.
  • in FIG. 1B we denote devices that are connected to the same Wi-Fi network as "nearby" devices.
  • Nearby Devices may additionally include devices that detect, discover or connect to proximate devices using various authorization and/or authentication schemes. For example, devices using the Bluetooth discovery protocol may require pin codes or passwords for "pairing”.
  • NFC (Near Field Communication) protocols may require biometric verification of one or more users when establishing communications between user devices. Many discovery and proximity protocols are known in prior art.
  • row 3 also shows that the user device is now running application “Spotify” with 3 user processes and that the process “Spotify” has taken 20 units of time.
  • FIG. 1B shows the states of the user's environment as discerned by his computing device(s). (Whereas FIG. 1B shows data from a single device, we will shortly introduce the notion of users with multiple computing devices.)
  • the parameter "Wired Network" has empty parameter values for all states (rows). This may be interpreted as "the user device does not connect to a wired network in any state during the period T1 through T6".
  • the values of the parameter "GPS Location" may be interpreted as "the user device is in location L1 in the state at time T1, has the value L2 in the state at T2, etc.".
  • data records (rows) of the tabular data structure may be viewed as states of the computational behavior of a user device at a given time instant.
  • the columnar values of the tabular data structure may be viewed as parameter values of the states. It is to be noted that the parameters shown in FIG. IB are exemplary. In some embodiments, any number and kind of parameters may be chosen.
  • state machines describe states that are characterized by one or more parameter values and a transition function that imposes an ordering on the states.
  • the states are ordered temporally by the values of the Time Instant parameter of the environmental sensory dataset, i.e., the periodic rate of the recording operation of the monitoring logic.
  • the state machine will have 6 states, say S1 through S6, in the temporal sequence S1, followed by S2, ..., followed by S6.
  • Each state of the state machine is characterized by, i.e., contains, one or more parameter values recorded by the recording function of the monitoring service logic from the computational environment of the user device.
  • FIG. 2 shows an exemplary state machine for an environmental sensory dataset collected by the monitoring service logic.
  • the states S1, S2, S3, S4, S5 and S6 correspond to the temporal sequence of the time instants T1 through T6 at which various environmental parameters are recorded.
  • the values of these parameters characterize the states, e.g., state S1 is characterized by the list 100.
  • in state 100, the user device is indicated to be nearby "iPhone123" and connected to wireless network Cell-1, etc.
  • a state of a user device is a set of parameter values for a given time instant. Integrating over all the states gives the configuration space of the user device.
  • the environment in which a user device operates may be described as a configuration space of parameters over a set of time instants.
  • a profile of a user device is a projection of the configuration space over the "Time Instant" parameter and one or more additional parameters. That is, profiles comprise values from two or more parameters.
  • projections of the configuration space of the user device represented by FIG. 1B yield sets of parameter values.
  • the projection over the parameters "Time Instant" and "GPS Location" of FIG. 1B yields the set of parameter values [(T1, L1), (T2, L1), (T3, L2), (T4, L3), (T5, L4), (T6, L4)] that may also be referred to as a profile of the user device.
  • the projection over the parameters "Time Instant", "Wireless Network" and "App Launched" yields the set of parameter values [(T1, cell-1, DB1), (T2, cell-1, DB1), (T3, abc, Spotify), (T4, tesla123, Spotify), (T5, home345, Video Calling), (T6, home345, Email)].
  • the latter set of parameter values may also be referred to as a profile of the user device.
  • the projection operator of relational algebra teaches methods by which the columnar values of a database table may be extracted. For example, the projection over "Course" of the table of FIG. 3B yields the set of values [cs100, History200, Math300]. Projecting over "Teacher" yields the set of values [John, Peter, Smith].
  • environmental sensory datasets when represented as tabular data structures may be treated as database tables and the projection operator of relational algebra may be applied to them.
  • For example, by applying the projection operator over the parameters Time Instant, Wireless Network and App Launched to the table of FIG. 1, we obtain the set of values [(T1, cell-1, DB1), (T2, cell-1, DB1), (T3, abc, Spotify), (T4, tesla123, Spotify), (T5, home345, Video Calling), (T6, home345, Email)].
  • this set of values was shown above as an exemplary profile obtained from the configuration space of the user device, i.e., from the environmental sensory dataset.
  • the parameter values in a temporal sequence of states may be associated with the informal narrative: the user device is connected to wireless network "cell-1" at time instants T1 and T2, the user device connects to a wireless network "abc" at instant T3, switches to wireless network "tesla123" at instant T4, and finally connects to wireless network "home345" at instants T5 and T6.
  • Time Instant and Wireless Network may have the parameter values [(T1, cell-1), (T2, cell-1), (T3, abc), (T4, tesla123), (T5, home345), (T6, home345)] with respect to FIG. 1.
  • FIG. 3B shows the method by which profiles may be obtained from the state machine representation of an environmental sensory dataset for a given user device by the supervisory program.
  • certain profiles may be specified. For example, we may specify the profile (Time Instant, Wireless Network) as one desired profile.
  • Another exemplary desired profile may be (Time Instant, Nearby Device, App Launched).
  • an exemplary profile is thus a list of elements. Note that the parameter Time Instant is included in every element of the list corresponding to a profile.
  • the desired profiles are specified by system administrators to the supervisory program by listing the parameters of the profiles, e.g., the profile corresponding to the parameters (Time Instant, Wireless Network).
  • In step 1, the supervisory program of the database system receives environmental sensory datasets from the monitoring service logics provisioned to the one or more computing devices associated with the user of the database system.
  • the supervisory program converts the received dataset into a state machine representation.
  • After step 1, the supervisory program has the state machine representation of the environmental dataset and the list of profiles to be obtained from it.
  • In step 2, the method tests if all the desired profiles have been obtained. If so, the method terminates. Otherwise, the method proceeds to perform steps 3-6.
  • In step 3, we select the (next) profile to be obtained from the input list of profiles.
  • the selected profile specifies the parameters, e.g., profile P1 specifies the parameters Time Instant and Wireless Network.
  • In step 4, for each specified parameter, we assemble the values of the specified parameters from each state of the state machine.
  • After step 4, a profile has been obtained and we are now ready to obtain the next profile specified in the input list of desired profiles. In step 5, we return to testing if all desired profiles have been obtained.
  • The method terminates in step 6 when all desired profiles have been obtained.
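The dataset-to-profile pipeline described above (tabular dataset, state machine ordered by Time Instant, relational projection over a list of desired profiles, FIG. 3B steps 1-6) can be demonstrated in a few dozen lines of Python. This is an added example, not code from the patent or from Sensoriant; the dataset rows are constructed to match the values the text quotes for FIG. 1B, and the remaining column values (process counts, DHCP addresses) are assumed.

```python
# Added example (not the patent's own code): environmental sensory dataset held
# as a tabular structure, ordered into states by Time Instant, and projected with
# the relational projection operator to obtain device profiles (FIG. 3B procedure).
from typing import Any, Dict, List, Sequence, Tuple

State = Dict[str, Any]            # one row (data record) of the tabular dataset
Profile = List[Tuple[Any, ...]]   # one element per state, Time Instant first

# Constructed dataset modelled on the description of FIG. 1B. Rows are listed
# out of temporal order on purpose, to show the state-machine ordering step.
DATASET: List[State] = [
    {"Time Instant": "T3", "Wireless Network": "abc", "Wired Network": None,
     "App Launched": "Spotify", "GPS Location": "L2", "Nearby Device": "iPhone123",
     "User Processes": 3, "Max Process": ("Spotify", 20), "DHCP IP": "IP1"},
    {"Time Instant": "T1", "Wireless Network": "cell-1", "Wired Network": None,
     "App Launched": "DB1", "GPS Location": "L1", "Nearby Device": None,
     "User Processes": 5, "Max Process": ("write", 50), "DHCP IP": "IP1"},
    {"Time Instant": "T2", "Wireless Network": "cell-1", "Wired Network": None,
     "App Launched": "DB1", "GPS Location": "L1", "Nearby Device": None,
     "User Processes": 7, "Max Process": ("read", 70), "DHCP IP": "IP1"},
    {"Time Instant": "T4", "Wireless Network": "tesla123", "Wired Network": None,
     "App Launched": "Spotify", "GPS Location": "L3", "Nearby Device": None,
     "User Processes": 3, "Max Process": ("Spotify", 20), "DHCP IP": "IP2"},   # assumed
    {"Time Instant": "T5", "Wireless Network": "home345", "Wired Network": None,
     "App Launched": "Video Calling", "GPS Location": "L4", "Nearby Device": "iPhone123",
     "User Processes": 4, "Max Process": ("video", 30), "DHCP IP": "IP3"},     # assumed
    {"Time Instant": "T6", "Wireless Network": "home345", "Wired Network": None,
     "App Launched": "Email", "GPS Location": "L4", "Nearby Device": "iPhone123",
     "User Processes": 4, "Max Process": ("mail", 10), "DHCP IP": "IP3"},      # assumed
]


def to_state_machine(dataset: Sequence[State]) -> List[State]:
    """Order the records temporally: each record becomes one state S1..S6 and the
    transition function is simply the ordering of the Time Instant values."""
    return sorted(dataset, key=lambda rec: int(rec["Time Instant"][1:]))


def project(states: Sequence[State], parameters: Sequence[str]) -> Profile:
    """Relational projection: keep only the named parameters of every state,
    preserving the temporal order of the states."""
    return [tuple(state.get(p) for p in parameters) for state in states]


def derive_profiles(dataset: Sequence[State],
                    desired: Sequence[Sequence[str]]) -> Dict[Tuple[str, ...], Profile]:
    """FIG. 3B procedure: for every desired profile (a parameter list that must
    include Time Instant) assemble the named values from each state in order."""
    states = to_state_machine(dataset)                  # step 1
    profiles: Dict[Tuple[str, ...], Profile] = {}
    for params in desired:                              # steps 2, 3 and 5: next profile
        if "Time Instant" not in params:
            raise ValueError(f"profile {params} must include Time Instant")
        profiles[tuple(params)] = project(states, params)   # step 4
    return profiles                                     # step 6: all profiles obtained


# Desired profiles as an administrator would list them for the supervisory program.
DESIRED = [("Time Instant", "GPS Location"),
           ("Time Instant", "Wireless Network", "App Launched")]

if __name__ == "__main__":
    for params, profile in derive_profiles(DATASET, DESIRED).items():
        print(params, profile)
```

The two projections reproduce the profiles quoted in the text; a desired profile without the Time Instant parameter is rejected, since every element of a profile carries its time instant.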
  • An exemplary profile obtained as described above may apply to a user named, say John.
  • John is at location "L1" and at time T2 he is at location "L2". At both locations, he is connected to network "cell-1".
  • John connects to network "abc" that may be known to be a coffee shop.
  • John then connects to network "Tesla123", known to be a Wi-Fi network associated with a smart car manufacturer, at time T4.
  • At T5 and T6, John is connected to network "home345" at location L4, which may be known as John's home address.
  • a "Wireless Network" profile of John's user device may describe a possible sequence of events, e.g., John goes from location L1 to L2, enters a coffee shop, later gets into his car and arrives home, the sequence of activities occurring over the period T1 through T6. That is, the profile may capture a computational behavior of the user John.
  • a "Nearby Device" profile of John's user device may show that John connects to network "home123" for a duration of time "(T5-T4)" with nearby device iPhone123.
  • Device profiles thus represent a user's “historical” computational behavior that may then be compared with his "current” behavior to allow or disallow the user's authentication (and other) requests.
  • the two sets may thus be matched by checking for equality of the elements placed in correspondence.
  • elements of profiles will generally contain two or more components, e.g., pairs, or triples, etc., in which case we place all components in (one-to- one) correspondence.
  • P4 = [(T1, Network1), (T2, Network3), (T3, Network2)].
  • the element of P3 containing Network2 is not equal to the element (T2, Network3) of P4.
  • P4' = [(T1, Network1), (T2, Network2), (T3, Network3)].
  • the change involves exchanging the second component of the second element of P4' with the second component of the third element of P4'.
  • we refer to the exchange operation as a flip and note that in this example we needed 1 flip operation to achieve a successful matching of P3 and P4.
  • the flip operation may be applied to either the training or the operational profiles that are being matched. In some embodiments, the flip operations may be further restricted to apply to either the training profile or the operational profile, but not both.
  • Correspondence-based matching is one strategy for matching two profiles.
  • Another possible strategy may involve using statistical measures such as "total” or "average”.
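The correspondence-based matching, the flip operation restricted to one side, the "average"-style statistical strategy, and the "within a specified confidence level" decision can be made concrete as follows. This is an added Python example, not code from the patent; `P3` is assumed to equal the flipped profile P4' (the text says one flip of P4 matches P3), a flip is taken to exchange all non-time components between two elements of the same profile, and the rule that at most `(1 - confidence) * len(profile)` flips are tolerated is an assumed decision rule, since the text does not define the confidence level.

```python
# Added example (not the patent's own code): correspondence-based matching of a
# training profile against an operational profile, the one-sided 'flip' operation,
# an average-based statistical strategy, and a confidence-threshold decision.
from typing import Optional, Sequence, Tuple

Element = Tuple[object, ...]   # (Time Instant, component, ...)


def correspondence_match(training: Sequence[Element], operational: Sequence[Element]) -> bool:
    """Place the elements in one-to-one correspondence and require that every
    component of each corresponding pair is equal."""
    return len(training) == len(operational) and all(t == o for t, o in zip(training, operational))


def match_rate(training: Sequence[Element], operational: Sequence[Element]) -> float:
    """Statistical strategy ('average'): fraction of corresponding elements that match."""
    if not training or len(training) != len(operational):
        return 0.0
    return sum(t == o for t, o in zip(training, operational)) / len(training)


def flips_to_match(training: Sequence[Element], operational: Sequence[Element],
                   flip_side: str = "operational") -> Optional[int]:
    """Count the flips (exchange of the non-time components between two elements of
    one profile) that a greedy left-to-right procedure needs to make the profiles
    match. Flips are applied to `flip_side` only. Returns None if no sequence of
    flips can produce a match (different time instants or different values)."""
    if len(training) != len(operational):
        return None
    if flip_side == "operational":
        fixed, work = list(training), [list(e) for e in operational]
    elif flip_side == "training":
        fixed, work = list(operational), [list(e) for e in training]
    else:
        raise ValueError("flip_side must be 'training' or 'operational'")
    # Time Instant is never flipped, so it must already correspond position by position.
    if any(f[0] != w[0] for f, w in zip(fixed, work)):
        return None
    flips = 0
    for i in range(len(work)):
        if work[i][1:] == list(fixed[i][1:]):
            continue                          # element i already matches
        for j in range(i + 1, len(work)):     # find a later element holding the needed values
            if work[j][1:] == list(fixed[i][1:]):
                work[i][1:], work[j][1:] = work[j][1:], work[i][1:]   # the flip
                flips += 1
                break
        else:
            return None                       # values missing: flips cannot repair this
    return flips


def authorize(training: Sequence[Element], operational: Sequence[Element],
              confidence: float, flip_side: str = "operational") -> bool:
    """Assumed decision rule: the profiles must be matchable by flips, and the
    number of flips may not exceed (1 - confidence) times the profile length."""
    flips = flips_to_match(training, operational, flip_side)
    return flips is not None and flips <= (1.0 - confidence) * len(training)


# Profiles from the text. P3 is assumed equal to P4', the flipped form of P4.
P3 = [("T1", "Network1"), ("T2", "Network2"), ("T3", "Network3")]
P4 = [("T1", "Network1"), ("T2", "Network3"), ("T3", "Network2")]

if __name__ == "__main__":
    print("exact match:", correspondence_match(P3, P4))
    print("flips needed:", flips_to_match(P3, P4))
    print("authorized at confidence 0.6:", authorize(P3, P4, 0.6))
```

With P3 as the training profile and P4 as the operational profile, exact correspondence fails, one flip repairs it, and whether that single flip is tolerated depends on the confidence level the administrator configures: a stricter level (for authentication) rejects it, a looser one (authorization alone) accepts it.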
  • a general method for utilizing user profiles to authenticate a user may involve a two-step process.
  • the supervisory program obtains a group of profiles, called “training profiles”, from the tabular or state machine representations of the environmental dataset of the user device.
  • the user may be allowed temporary and/or restricted access to the system.
  • a secondary authentication mechanism, e.g., username/password, may be employed.
  • the user's computing device provides an environmental sensory dataset that is assembled into a tabular data structure, e.g., FIG. 1B, or as a state machine (cf. FIG. 2), from which a group of operational profiles are derived.
  • An authentication and/or an authorization mechanism may then be defined by selecting one or more suitable matching strategies in which the training profiles are matched against the corresponding operational profiles.
  • the matching strategies that are employed may in part depend on whether authentication, authorization or both authentication and authorization are to be performed.
  • In step 100, the user acquires a new device to replace the lost device and identifies himself to the supervisory program using, e.g., a previously assigned username.
  • In step 200, the supervisory program provisions the new user device with a special version of the monitoring service logic that allows the generation of operational profiles on a temporary basis.
  • the supervisory program selects one or more of the training profiles associated with the old "lost" user device and constructs a "task list" described below.
  • the task list is communicated to the new user device.
  • In step 3, the user executes the task list and the supervisory program determines that the execution was "satisfactory" based on various tests (described below) pertaining to the operational profile generated by the user device whilst executing the task list.
  • In step 400, upon satisfactory execution of the task list and tests, the supervisory program registers the user's new device.
  • the supervisory program may access one or more training profiles associated with the assigned username.
  • Each profile represents a computational behavior, e.g., a profile may state that the user connected using a wireless network from location L1 during time period T3-T2, etc.
  • a profile may be viewed as describing a set of actions undertaken by the user.
  • the supervisory program may thus select one or more training profiles and construct a list of actions, i.e., a task list, that the user may be asked to perform.
  • An exemplary task list is shown in FIG. 5.
  • In exemplary task 1 of FIG. 5, the user is asked to determine a place where he was yesterday at a given time.
  • the supervisory program may not reveal the location to the user, thereby requiring the user to perform the task from previously known behaviors. Whilst executing the task list, the (special) monitoring logic in the user device generates an operational profile that may be tested by the supervisory program. To check if the user has satisfactorily fulfilled task 1, the supervisory program may check the operational profile to ascertain the indicated GPS location of the user device.
  • the user may be asked to connect to a named wireless network available at the required location, but the password needed for making the connection is not revealed to the user. That is, the supervisory program may expect the user to know the password of the network from past behavior as indicated by his training profiles.
  • the supervisory program asks the user to perform a task that seemingly does not require any past knowledge of the user's behavior. For example, the user may be asked to go to a specified location and perform an action that triggers the supervisory program. For example, the user may be asked to visit a specified website and click an item displayed on the website. (The item may be programmed to deliver a trigger to the supervisory program when clicked. Various methods to achieve such triggering are known in the prior art, e.g., hyperlinks.) Upon receipt of the trigger, the supervisory program may use the GPS sensor of the user device to ascertain the location of the user device.
  • the supervisory program may check the computational environment of the device (via the operational profile) for other parameter values known to the supervisory program from the training profile of the "lost" device, but not known to the current user.
  • the supervisory program may check the operational profile for Nearby Devices that may have "paired" with the old, i.e., lost, device. Since the parameter Nearby Devices is not displayed in the task list shown to the user, the latter may not be aware of the checking performed by the supervisory program.
  • the operational profile may not indicate values of the Nearby Devices parameter or show values that differ from those shown by the training profiles.
  • the current user may not know the PIN code or password used in the pairing operation with the Nearby Device indicated by the training profile.
  • a particular nearby device is always present.
  • the user may have a dog wearing a smart collar that pairs with the owner's computing device using a discovery and/or proximity protocol.
  • the user may be given the task of connecting to his home network.
  • the supervisory program may check for the value of the Nearby Device parameter in the operational profile.
  • the identity of the user may be established by the successful pairing of his new computing device with the dog's collar.
  • exemplary task 3 the user may be asked to perform tasks requiring prior knowledge of the user, e.g., determine an application used on multiple occasions on a given day.
  • the above process for associating a new user device with a previously known user may be implemented as an online game wherein the user of the new computing device is assigned a task list.
  • the user may be assigned points in the sense that each satisfactory execution of a task may result in a given number of points.
  • based on the knowledge of his computational history, the user collects points or accumulates treasure, and a certain score, e.g., a cumulative score, may be used to indicate success.
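The task-list procedure above (training profiles, a task list derived from them, the hidden Nearby Devices check, and a point-based cumulative score), worked through as an added Python example that is not code from the patent. All profile values, device names, the GPS tolerance and the 25-point pass score are constructed assumptions.

```python
import math

# Constructed training profiles for the old ("lost") device: one record per
# observed time window. Sample data, not from the patent.
TRAINING_PROFILES = [
    {"window": "yesterday 18:00", "gps": (40.7128, -74.0060), "wifi": "HomeNet",
     "nearby": {"dog-collar-7f3a"}, "apps": ["mail", "maps", "mail"]},
    {"window": "yesterday 08:00", "gps": (40.7580, -73.9855), "wifi": "OfficeNet",
     "nearby": {"desk-speaker-22"}, "apps": ["calendar"]},
]
POINTS_PER_TASK = 10
PASS_SCORE = 25  # cumulative score required before the new device is registered


def build_task_list(profiles):
    """Derive a task list from one training profile. The 'expected' and
    'hidden_nearby' fields stay with the supervisory program; the user only
    sees the 'prompt' text, so the Nearby Devices check is never revealed."""
    p = profiles[0]
    repeated = {a for a in p["apps"] if p["apps"].count(a) > 1}
    return [
        {"id": 1, "kind": "location", "prompt": f"Go to where you were {p['window']}",
         "expected": p["gps"], "tolerance_km": 0.5},
        {"id": 2, "kind": "wifi", "prompt": f"Connect to {p['wifi']} (password not given)",
         "expected": p["wifi"], "hidden_nearby": p["nearby"]},
        {"id": 3, "kind": "apps", "prompt": f"Name an app you used more than once {p['window']}",
         "expected": repeated},
    ]


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def score_task(task, op):
    """Points for one task, judged on the operational profile the new device
    produced while executing the task list."""
    if task["kind"] == "location":
        close = haversine_km(task["expected"], op["gps"]) <= task["tolerance_km"]
        return POINTS_PER_TASK if close else 0
    if task["kind"] == "wifi":
        # Visible check: the connection succeeded. Hidden check: the device also
        # paired with a Nearby Device known from the lost device's profile.
        connected = op.get("wifi") == task["expected"]
        paired = bool(task["hidden_nearby"] & op.get("nearby", set()))
        return POINTS_PER_TASK if connected and paired else 0
    if task["kind"] == "apps":
        return POINTS_PER_TASK if op.get("answer") in task["expected"] else 0
    return 0


def evaluate(task_list, op):
    """Return (cumulative score, registered?) for an operational profile."""
    total = sum(score_task(t, op) for t in task_list)
    return total, total >= PASS_SCORE


# Constructed operational profiles: the genuine owner (knows the password, the
# collar pairs) and a device that reaches the location but cannot pair.
OWNER_OP = {"gps": (40.7130, -74.0062), "wifi": "HomeNet",
            "nearby": {"dog-collar-7f3a", "tv-livingroom"}, "answer": "mail"}
UNPAIRED_OP = {"gps": (40.7130, -74.0062), "wifi": "HomeNet", "nearby": set(), "answer": "mail"}
```

The unpaired device earns points for the location and app tasks but fails the wifi task because of the hidden pairing check, so it stays below the pass score.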
  • the methods of the present invention may not authenticate a user who radically and suddenly changes his normal computational behavior or routine.
  • Consider a user who is quite regular in his daily routine. His environmental sensory dataset is developed as explained above. If one day the user alters his routine, e.g., goes on vacation to an exotic locale, his training and operational profiles may not match.
  • a user informs the supervisory program of his plans, e.g., intention to travel to a specific new location for one week.
  • the supervisory program assigns certain tasks for the user to perform when the user reaches the new location. (In some embodiments, in transit actions may also be proposed.)
  • the user may be asked to remember a short message and send it as a text message to a specified address upon reaching the new location.
  • a user may be asked to connect with a known Wi-Fi network at the new location, e.g., the Wi-Fi network of a known hotel.
  • the user may be asked to visit a specified website upon reaching the specified location and click a specified item on the website.
  • receipt of the text message or the clicking action of the user may trigger the supervisory program.
  • the supervisory program may now not only ascertain that the user is at the specified location (via GPS coordinates obtained from the user device), but also it may trigger the monitoring logic in the user device to collect a new training dataset. The latter may then be utilized by the supervisory program to obtain one or more new training profiles.
  • the supervisory program receives the environmental sensory datasets from the user's computing devices, and constructs a set of training profiles that may then be used to authenticate the user for the duration of the user's sojourn.
  • FIG. 6 shows four user computing devices assigned to a single user that provide environmental sensory datasets to the supervisory program that then constructs a tabular data structure and derives one or more user profiles for the given user as described by the methods of FIG. 3A. This process may be used for every user of the system.
  • the inventions described herein may be used to detect Trojan horses as follows. Recall that we associate training profiles with a user derived from his computational behavior, which in turn is a representation of the user's actions. As a Trojan Horse program runs, it may create processes that perform, e.g., read and/or write data operations, or perform other computations, etc.
  • FIG. 1B shows exemplary columns "#processes#", "DHCP parameters" and "process with max time".
  • One purpose of these columns is to capture process information at the operating system level. In a certain sense, such process information may be viewed as providing a signature of a computer program as it executes, i.e., it is a representation of the behavior of a computer program.
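An added Python example, not from the patent, of treating the FIG. 1B process columns as a behavioural signature: a training signature is built per column, and an operational row is checked against it so that a process that suddenly spawns many children or dominates CPU time stands out. The column values, the z-score limit and the process names are constructed assumptions.

```python
import statistics

# Constructed training rows for the FIG. 1B columns "#processes#",
# "DHCP parameters" and "process with max time" (sample values, not the
# patent's own data), one row per monitoring interval on the user's device.
TRAINING_ROWS = [
    {"#processes#": 112, "DHCP parameters": "lease=86400;dns=10.0.0.1", "process with max time": "browser"},
    {"#processes#": 118, "DHCP parameters": "lease=86400;dns=10.0.0.1", "process with max time": "browser"},
    {"#processes#": 109, "DHCP parameters": "lease=86400;dns=10.0.0.1", "process with max time": "mail"},
    {"#processes#": 115, "DHCP parameters": "lease=86400;dns=10.0.0.1", "process with max time": "browser"},
]
NUMERIC = ("#processes#",)
CATEGORICAL = ("DHCP parameters", "process with max time")
Z_LIMIT = 3.0  # numeric values more than 3 standard deviations away are flagged


def build_signature(rows):
    """Training signature for the process columns: (mean, stdev) per numeric
    column and the set of values seen per categorical column."""
    sig = {}
    for col in NUMERIC:
        vals = [r[col] for r in rows]
        sig[col] = (statistics.mean(vals), statistics.pstdev(vals) or 1.0)
    for col in CATEGORICAL:
        sig[col] = {r[col] for r in rows}
    return sig


def deviations(sig, op_row):
    """Columns of an operational row that do not fit the training signature.
    An empty list means the process behaviour matches the known user."""
    out = []
    for col in NUMERIC:
        mean, sd = sig[col]
        z = (op_row[col] - mean) / sd
        if abs(z) > Z_LIMIT:
            out.append((col, f"z={z:.1f}"))
    for col in CATEGORICAL:
        if op_row[col] not in sig[col]:
            out.append((col, f"unseen value {op_row[col]!r}"))
    return out


SIGNATURE = build_signature(TRAINING_ROWS)
# Constructed operational rows: a normal interval, and one in which an unknown
# process has spawned many children and holds the most CPU time.
NORMAL_ROW = {"#processes#": 114, "DHCP parameters": "lease=86400;dns=10.0.0.1", "process with max time": "browser"}
SUSPECT_ROW = {"#processes#": 140, "DHCP parameters": "lease=86400;dns=10.0.0.1", "process with max time": "updater"}
```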
  • the present invention also anticipates the advent of quantum computers into everyday use by the public, i.e., personal quantum computers. In such an eventuality, owners of personal quantum computers will need an authentication mechanism to protect their own computers (much like the username/password based schemes used today). Since today's username/password based schemes will become unsafe with personal quantum computers, the present invention may be used to design
  • a user computing device may be provisioned with monitoring service logic that generates a first dataset that, in turn, may be used to obtain one or more training profiles by a cloud-based authentication service.
  • the user computing device may then, upon demand, produce a second dataset that may be provided to the cloud service that may obtain an operational profile from it.
  • the cloud service may then, upon matching the training profiles with the operational profile, communicate an action to the personal quantum computer, the action indicating allowance or disallowance of access by the user to the personal quantum computer.
  • the present invention thus introduces technology that applies to computers that are anticipated to be available in the years ahead.
  • monitoring service logic in the user's computing devices may itself be protected by storing it in encrypted form. Thus, a user may not be able to discern the contents of the stored monitoring logic or the datasets that it collects.
  • the monitoring service logic may be provided or made available to the user computing devices in various forms, e.g., as an app, executable code, or prepackaged into the operating system of the user computing device, etc.
  • the monitoring logic creates a first and a second dataset that it may provide to the supervisory program.
  • the latter may need to ensure that the first and second datasets are indeed provided by the same monitoring logic. That is, the monitoring logic may need to authenticate itself to the supervisory program.
  • Such an authentication may be achieved using conventional techniques, e.g., a certificate mechanism or an API (application program interface) certificate mechanism.
  • FIG. 7 shows an example architecture 800 for a device such as the user computing device or the access control mechanism that executes the supervisory program that provides a user access to a database or other online resource.
  • the architecture 800 illustrated in FIG. 7 shows an architecture that may be adapted for a server computer, server complex, mobile phone, a PDA, a smartphone, a desktop computer, a netbook computer, a tablet computer, GPS device, gaming console, and/or a laptop computer.
  • the architecture 800 may be utilized to execute any aspect of the components presented herein.
  • the architecture 800 illustrated in FIG. 7 includes a CPU (Central Processing Unit) 802, a system memory 804, including a RAM 806 and a ROM 808, and a system bus 810 that couples the memory 804 to the CPU 802.
  • the architecture 800 further includes a mass storage device 812 for storing software code or other computer-executed code that is utilized to implement applications, the file system, and the operating system.
  • the mass storage device 812 is connected to the CPU 802 through a mass storage controller (not shown) connected to the bus 810.
  • the mass storage device 812 and its associated non-transitory computer-readable storage media provide non-volatile storage for the architecture 800.
  • non-transitory computer-readable storage media can be any available storage media that can be accessed by the architecture 800.
  • non-transitory computer-readable storage media may include volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer- readable instructions, data structures, program modules, or other data.
  • computer-readable media includes, but is not limited to, RAM, ROM, EPROM (erasable programmable read only memory), EEPROM (electrically erasable programmable read only memory), Flash memory or other solid state memory technology, CD-ROM, DVDs, HD-DVD (High Definition DVD), Blu-ray, or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the architecture 800.
  • the architecture 800 may operate in a networked environment using logical connections to remote computers through a network.
  • the architecture 800 may connect to the network through a network interface unit 816 connected to the bus 810. It should be appreciated that the network interface unit 816 also may be utilized to connect to other types of networks and remote computer systems.
  • the architecture 800 also may include an input/output controller 818 for receiving and processing input from a number of other devices, including a keyboard, mouse, or electronic stylus (not shown in FIG. 7). Similarly, the input/output controller 818 may provide output to a display screen, a printer, or other type of output device (also not shown in FIG. 7).
  • the software components described herein may, when loaded into the CPU 802 and executed, transform the CPU 802 and the overall architecture 800 from a general-purpose computing system into a special-purpose computing system customized to facilitate the functionality presented herein.
  • the CPU 802 may be constructed from any number of transistors or other discrete circuit elements, which may individually or collectively assume any number of states. More specifically, the CPU 802 may operate as a finite-state machine, in response to executable instructions contained within the software modules disclosed herein. These computer-executable instructions may transform the CPU 802 by specifying how the CPU 802 transitions between states, thereby transforming the transistors or other discrete hardware elements constituting the CPU 802.
  • Encoding the software modules presented herein also may transform the physical structure of the computer-readable storage media presented herein.
  • the specific transformation of physical structure may depend on various factors, in different implementations of this description. Examples of such factors may include, but are not limited to, the technology used to implement the computer-readable storage media, whether the computer-readable storage media is characterized as primary or secondary storage, and the like.
  • the software disclosed herein may be encoded on the computer-readable storage media by transforming the physical state of the semiconductor memory.
  • the software may transform the state of transistors, capacitors, or other discrete circuit elements constituting the semiconductor memory.
  • the software also may transform the physical state of such components in order to store data thereupon.
  • the software modules or components may include software for implementing the monitoring service logic (in the case of the user computing device) or the supervisory program (in the case of the access control mechanism). More generally, the monitoring service logic and the supervisory program may be implemented in any combination of hardware, software and firmware.
  • the computer-readable storage media disclosed herein may be implemented using magnetic or optical technology.
  • the software presented herein may transform the physical state of magnetic or optical media, when the software is encoded therein. These transformations may include altering the magnetic characteristics of particular locations within given magnetic media. These transformations also may include altering the physical features or characteristics of particular locations within given optical media to change the optical characteristics of those locations. Other transformations of physical media are possible without departing from the scope and spirit of the present description, with the foregoing examples provided only to facilitate this discussion.
  • the architecture 800 may not include all of the components shown in FIG. 7, may include other components that are not explicitly shown in FIG. 7, or may utilize an architecture completely different from that shown in FIG. 7.

Abstract

A method is provided for authorizing a user to access a resource over a communication network, comprising the steps of receiving over a communication network, from a computing device associated with the user, a temporal sequence of operational data of parameter values for one or more parameters monitored by the computing device. The temporal sequence of operational data is compared with a previously received temporal sequence of training data of parameter values previously monitored by the communication device for the one or more parameters. The computing device is authorized to access the resource if the previously received temporal sequence of training data matches the temporal sequence of operational data within a specified confidence level.
PCT/US2017/064961 2016-12-06 2017-12-06 Access control mechanisms based on computational behavior WO2018106836A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201662430543P 2016-12-06 2016-12-06
US62/430,543 2016-12-06

Publications (1)

Publication Number Publication Date
WO2018106836A1 true WO2018106836A1 (fr) 2018-06-14

Family

ID=62491584

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2017/064961 WO2018106836A1 (fr) 2016-12-06 2017-12-06 Access control mechanisms based on computational behavior

Country Status (1)

Country Link
WO (1) WO2018106836A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109739335A (zh) * 2018-12-21 2019-05-10 重庆汇锋金鸿科技有限公司 A microprocessor based on mimic computing and a data processing method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130102283A1 (en) * 2011-10-21 2013-04-25 Alvin Lau Mobile device user behavior analysis and authentication
US20160127388A1 (en) * 2014-10-31 2016-05-05 Cyberpoint International Llc Similarity search and malware prioritization
US9426139B1 (en) * 2015-03-30 2016-08-23 Amazon Technologies, Inc. Triggering a request for an authentication

Similar Documents

Publication Publication Date Title
US11019048B2 (en) Password state machine for accessing protected resources
US11159501B2 (en) Device identification scoring
US10375054B2 (en) Securing user-accessed applications in a distributed computing environment
US9503452B1 (en) System and method for identity recognition and affiliation of a user in a service transaction
KR101721032B1 (ko) Security challenge assisted password proxy
US9491155B1 (en) Account generation based on external credentials
US11790077B2 (en) Methods, mediums, and systems for establishing and using security questions
US8689294B1 (en) Systems and methods for managing offline authentication
US11277421B2 (en) Systems and methods for detecting and thwarting attacks on an IT environment
US10630676B2 (en) Protecting against malicious discovery of account existence
US20130133054A1 (en) Relationship Based Trust Verification Schema
US20150046989A1 (en) System and method for verifying status of an authentication device
US10135810B2 (en) Selective authentication system
US20170318054A1 (en) Authentication incident detection and management
WO2015142402A1 (fr) Device-driven user authentication
US9935940B1 (en) Password security
US10594685B2 (en) User selected key authentication
US10397207B1 (en) Automatic credential rotation
EP3937040B1 (fr) Systems and methods for securing login access
US20180097816A1 (en) Access control mechanisms based on computational behavior
ALSaleem et al. Multi-factor authentication to systems login
US20220216996A1 (en) Authentication using encrypted biometric information
WO2018106836A1 (fr) Access control mechanisms based on computational behavior
Yadav et al. A Security and Usability Analysis of Local Attacks Against FIDO2
US20240163279A1 (en) Systems and methods for securing login access

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 17879199; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 17879199; Country of ref document: EP; Kind code of ref document: A1)