WO2020018108A1 - Authentication profiles for users - Google Patents
- Publication number
- WO2020018108A1 (PCT/US2018/042979)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- user
- computing device
- programs
- customized set
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
- G06F9/4451—User profiles; Roaming
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44594—Unloading
Definitions
- the computing device is ready for use by the user, with the routine programs used by the user loaded.
- the computing device remains available for the user until the user authentication is revoked.
- user authentication may be revoked by the user itself or when another user attempts to log into the computing device.
- the computing device determines whether it receives an attempt to revoke user authentication, for example, by the user.
- the computing device determines whether it receives an attempt to authenticate another user, for example, by the other user attempting to authenticate itself via an authentication event, as described above. If neither attempt is received at 210 or 212, the computing device remains logged in for the original user. However, as an example, if the user forgets to revoke user
- the computing device may revoke the user authentication, for security purposes, for example, after a certain period of inactivity at the computing device, or when a presence sensor has detected that the user has left the vicinity of the computing device.
- the computing device terminates the customized set of programs, or any programs that remain open, and then returns to 202.
- Automatically closing active applications, remote sessions, and websites for example, when a user leaves or logs out from the computing device, improves overall security. Examples include cleaning up the browsing history, application history, and deleting temporary files.
- terminating the customized set of programs includes signing out of the programs from the customized set of programs requiring user credentials, as described above.
- the computing device may initiate local OS events such as logoff, restart, shutdown, and lock.
- FIG. 3 is a flow diagram 300 of steps taken by a computing device to implement a method for authenticating a user via an authentication event, according to an example.
- the flow diagram of FIG. 3 shows a specific order of execution, the order of execution may differ from that which is depicted.
- the order of execution of two or more blocks or arrows may be scrambled relative to the order shown.
- two or more blocks shown in succession may be executed concurrently or with partial concurrence. All such variations are within the scope of the present invention.
- the computing device receives an attempt to authenticate a user via an authentication event.
- the computing device includes peripherals to authenticate the user via an authentication event corresponding to the peripheral used.
- the computing device determines which authentication profile to initiate for the user to use the computing device. As an example of determining which authentication profile to initiate, the computing device selects an authentication profile based on the authentication event used. For example, if the authentication event corresponds to an insertion or tap of a smart card, a first authentication profile may be initiated. If the authentication event corresponds to biometric identifiers, such as a fingerprint, facial recognition, or iris recognition, a second authentication profile may be initiated. If the authentication event corresponds to the use of an NFC capable device/card, a third authentication profile may be initiated.
- [0025] At 330, the computing device initiates the determined authentication profile to launch a customized set of programs on the computing device for the user.
- biometric identifiers such as a fingerprint, facial recognition, or iris recognition
- a first authentication profile is initiated when a first authentication event is used, and a second authentication profile is initiated when a second authentication event is used.
- the customized set of programs launched when the first authentication profile is initiated may be different from the customized set of programs launched when the second authentication profile is initiated.
- the computing device passes through credentials for the first user to the programs requiring the authentication.
- the computing device is ready for use by the user, with the routine programs used by the user loaded.
- the computing device remains available for the user until the user authentication is revoked, as described above.
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Stored Programmes (AREA)
- Collating Specific Patterns (AREA)
Abstract
In an example implementation according to aspects of the present disclosure, a method may include receiving, at a computing device, an attempt to authenticate a user via an authentication event and, upon validating the authentication event used, determining which authentication profile to initiate for the user to use the computing device. As an example, the computing device then initiates the determined authentication profile to launch a customized set of programs on the computing device for the user.
Description
AUTHENTICATION PROFILES FOR USERS
BACKGROUND
[0001] Upon logging into computing devices, a user may perform routine operations, such as launching applications, websites, remote sessions, or other configurations. Similarly, prior to logging off from the computing device, the user may choose to close active applications, websites, and remote sessions, particularly for security purposes. With regards to security, this may be particularly useful when multiple users access a computing device.
BRIEF DESCRIPTION OF THE DRAWINGS
[0002] FIG. 1 illustrates a computing device for authenticating a user via an authentication event, and performing a set of tasks based on the authentication event used, according to an example;
[0003] FIG. 2 illustrates a method at a computing device for authenticating a user via an authentication event, according to an example; and
[0004] FIG. 3 is a flow diagram in accordance with an example of the present disclosure.
DETAILED DESCRIPTION
[0005] Examples disclosed herein provide the ability to automatically perform tasks on a computing device upon user authentication, or when the user is signing off, according to an example. By automating such tasks, routine operations generally performed by the user manually may be avoided, essentially saving time and increasing productivity, improving the overall user experience. As an example, users may choose to log into a computing device via various authentication events, such as a smart card, NFC capable device/card, biometric scan, or facial recognition. As will be further described, each authentication event used by a user may have its own authentication profile to handle a customized set of tasks when the user is logging into or logging off from a computing device. As a result, based on the authentication event used by the user, a unique experience may be provided to the user upon logging into the computing device.
[0006] With reference to the figures, FIG. 1 illustrates a computing device 100 for authenticating a user via an authentication event, and performing a set of tasks based on the authentication event used, according to an example. The computing device includes at least a first peripheral 102 and second peripheral 104, to authenticate the user via different authentication events, as will be further described. As an example, based on the peripheral used to authenticate the user, a customized set of tasks may be initiated. The computing device 100 depicts a processor 106 and a memory device 108 and, as an example of the computing device 100 performing its operations, the memory device 108 may include instructions 110-118 that are executable by the processor 106. Thus, memory device 108 can be said to store program instructions that, when executed by processor 106, implement the components of the computing device 100. The executable program instructions stored in the memory device 108 include, as an example, instructions to authenticate user (110), instructions to determine authentication profile (112), instructions to launch program (114), instructions to revoke user authentication (116), and instructions to terminate program (118).
[0007] Instructions to authenticate user (110) represent program instructions that when executed by the processor 106 cause the computing device 100 to receive an attempt to authenticate a user via an authentication event. As mentioned above, the computing device 100 includes a peripheral, such as first peripheral 102 or second peripheral 104, to authenticate a user via an authentication event corresponding to the peripheral. For example, if the peripheral is a smart card reader, the authentication event may correspond to an insertion or tap of a smart card. If the peripheral involves biometric measurements (e.g., fingerprint scanner, iris scanner), the authentication event may correspond to biometric identifiers, such as a fingerprint, facial recognition, or iris recognition. If the peripheral is an NFC receiver, the authentication event may correspond to the use of an NFC capable device/card. Upon receiving the attempt to authenticate the user via the authentication event, the computing device 100 determines whether the authentication is a valid attempt for allowing access of the computing device 100 to the user. Although a first peripheral 102 and second peripheral 104 are illustrated, the number of peripherals available on the computing device 100 may vary.
[0008] Instructions to determine authentication profile (112) represent program instructions that when executed by the processor 106 cause the computing device 100, upon validating the authentication event used, to determine which authentication profile to initiate, for the user to use the computing device 100. As an example, the determination of the authentication profile to initiate includes selecting an authentication profile based on the authentication event used. For example, if a smart card is used to authenticate the user, a first authentication profile may be initiated. If a biometric identifier is used, a second authentication profile may be initiated. As an example, each biometric measurement may have its own authentication profile. For example, the authentication profile initiated if a fingerprint scanner is used may be different from the authentication profile initiated if an iris scanner is used. If an NFC capable device/card is used, a third authentication profile may be initiated. As will be further described, each authentication profile for a user may include a unique set of start and exit tasks while using the computing device 100.
[0009] Instructions to launch program (114) represent program instructions that when executed by the processor 106 cause the computing device 100 to initiate the determined authentication profile to launch a customized set of programs or tasks on the computing device 100 for the user. As mentioned above, various authentication profiles may be initiated for a user, based on the authentication event used. For example, a first authentication profile is initiated when a first authentication event is used, and a second authentication profile is initiated when a second authentication event is used. As the set of programs or tasks launched for each authentication profile is different, the customized set of programs launched when the first authentication profile is initiated is different from the customized set of programs launched when the second authentication profile is initiated. As a result, based on the authentication event used by the user, a unique experience may be provided to the user upon logging into the computing device 100. In addition, when more secure authentication events are used, for example, reserved only for administrators, the customized set of programs may include more secure programs and tasks.
[0010] As an example, the customized set of programs or tasks includes a predefined set of applications, remote sessions, and/or websites to launch upon the user logging into the computing device 100. For programs requiring user credentials, such as an application or remote session, the authentication profile may also pass through the authentication information of the user, in order for the application or remote session to load properly. As an example, if the application or remote session supports pass through credentials, an authentication token may be passed through to this application or remote session, once the authentication profile is initiated. Once the customized set of programs or tasks are launched on the computing device 100, including the programs that require pass through credentials, the computing device 100 is ready for use by the user, with the routine programs used by the user loaded.
[0011] Instructions to revoke user authentication (116) represent program instructions that when executed by the processor 106 cause the computing device 100 to receive an attempt to revoke user authentication. As an example, the attempt to revoke user authentication may correspond to a second instance of the authentication event described above. For example, the attempt to revoke user authentication may correspond to a second insertion or tap of a smart card, a second use of a biometric identifier, such as a fingerprint, facial recognition, or iris recognition, or a second tap of an NFC capable device/card on an NFC receiver. However, an authentication event besides the one used initially may be used when attempting to revoke user authentication. However, if the user forgets to revoke user authentication, it may be revoked, for example, after a certain period of inactivity, or when a presence sensor has detected that the user has left the vicinity of the computing device 100. Similarly, if a second user attempts to log into the computing device 100, for example, while the initial user is still logged in, user authentication of the initial user may be revoked, for security purposes.
[0012] Instructions to terminate program (118) represent program instructions that when executed by the processor 106 cause the computing device 100, upon receiving the attempt to revoke the user authentication, to terminate the customized set of programs, or any programs that remain open. Automatically closing active applications, remote sessions, and websites, for example, when a user leaves or logs out from the computing device 100, improves overall security. As an example, terminating the customized set of programs includes signing out of the programs from the customized set of programs requiring user credentials, as described above. For example, if an application or remote session supports it, the computing device 100 may request or pass through a sign-out event to the respective application or remote session (e.g., sending ExitWindows, a log off event for remote desktop protocol (RDP), or a custom Windows message to a Windows application). As an example, if applications are manually launched by the user, they may not be affected by the revoking of the user authentication. As an example, upon terminating the customized set of programs, the computing device 100 may initiate local operating system (OS) events such as logoff, restart, shutdown, and lock.
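The flow of paragraphs [0008] to [0012] (select a profile from the validated authentication event, pass a token only to the programs that need it, then revoke and tear down) can be sketched as a small state machine. This is an added example, not part of the patent text; the profile table, program names, `demo_validate`, and the 300-second idle limit are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Program:
    name: str
    needs_credentials: bool = False


# Constructed profile table (hypothetical program names): one profile per
# authentication event type, as in paragraph [0008].
PROFILES = {
    "smart_card": (Program("admin-console", True), Program("rdp-session", True)),
    "fingerprint": (Program("mail-client", True), Program("browser")),
    "nfc": (Program("status-dashboard"),),
}
INACTIVITY_LIMIT_S = 300  # assumed idle timeout; the patent gives no value


class Workstation:
    """Tracks one interactive session and the programs its profile launched."""

    def __init__(self, validate):
        self.validate = validate  # callable(user, event, secret) -> token or None
        self.user = None
        self.event = None
        self.running = {}  # program name -> {"profile": bool, "token": str or None}
        self.last_activity = 0.0

    def on_auth_event(self, user, event, secret, now):
        """Validate, select and launch a profile, or treat the event as a revocation."""
        token = self.validate(user, event, secret)
        if token is None or event not in PROFILES:
            return ["rejected"]  # validation failed: session state is unchanged
        actions = []
        if self.user is not None:
            same_user = user == self.user
            actions += self.revoke("second_event" if same_user else "other_user")
            if same_user:
                return actions  # a second event from the same user is a sign-off
        # Assumption of this sketch: a validated attempt by another user both
        # revokes the old session and starts the new one.
        self.user, self.event, self.last_activity = user, event, now
        for prog in PROFILES[event]:
            passed = token if prog.needs_credentials else None
            self.running[prog.name] = {"profile": True, "token": passed}
            actions.append(f"launch:{prog.name}" + (":with-token" if passed else ""))
        return actions

    def launch_manually(self, name, now):
        """A program the user starts by hand is not owned by the profile."""
        if self.user is None:
            raise PermissionError("no active session")
        self.running[name] = {"profile": False, "token": None}
        self.last_activity = now

    def tick(self, now, user_present=True):
        """Idle-timeout and presence-sensor triggers from paragraph [0011]."""
        if self.user is None:
            return []
        if not user_present:
            return self.revoke("user_left")
        if now - self.last_activity >= INACTIVITY_LIMIT_S:
            return self.revoke("inactivity")
        return []

    def revoke(self, reason):
        """Sign out credentialed programs, then terminate the profile's set."""
        actions = [f"revoke:{reason}"]
        for name, state in list(self.running.items()):
            if not state["profile"]:
                actions.append(f"left-running:{name}")  # report, do not hide
                continue
            if state["token"] is not None:
                actions.append(f"sign-out:{name}")  # drop the passed token first
            actions.append(f"terminate:{name}")
            del self.running[name]
        self.user = self.event = None
        return actions


def demo_validate(user, event, secret):
    """Constructed stand-in for the real credential check."""
    enrolled = {
        ("alice", "smart_card"): "1234",
        ("alice", "fingerprint"): "fp-a",
        ("bob", "nfc"): "tag-b",
    }
    return f"token-{user}-{event}" if enrolled.get((user, event)) == secret else None
```

Because paragraph [0012] says manually launched applications may not be affected by revocation, the sketch reports them as `left-running` so that a program surviving into the next user's session is visible in the audit trail.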
[0013] Memory device 108 represents generally any number of memory components capable of storing instructions that can be executed by processor 106. Memory device 108 is non-transitory in the sense that it does not encompass a transitory signal but instead is made up of at least one memory component configured to store the relevant instructions. As a result, the memory device 108 may be a non-transitory computer-readable storage medium. Memory device 108 may be implemented in a single device or distributed across devices. Likewise, processor 106 represents any number of processors capable of executing instructions stored by memory device 108. Processor 106 may be integrated in a single device or distributed across devices. Further, memory device 108 may be fully or partially integrated in the same device as processor 106, or it may be separate but accessible to that device and processor 106.
[0014] In one example, the program instructions 110-118 can be part of an installation package that when installed can be executed by processor 106 to implement the components of the computing device 100. In this case, memory device 108 may be a portable medium such as a CD, DVD, or flash drive or a memory maintained by a server from which the installation package can be downloaded and installed. In another example, the program instructions may be part of an application or applications already installed. Here, memory device 108 can include integrated memory such as a hard drive, solid state drive, or the like.
[0015] FIG. 2 illustrates a method 200 at a computing device for authenticating a user via an authentication event, according to an example. In discussing FIG. 2, reference may be made to the example computing device 100 illustrated in FIG. 1. Such reference is made to provide contextual examples and not to limit the manner in which method 200 depicted by FIG. 2 may be implemented.
[0016] Method 200 begins at 202, where the computing device receives an attempt to authenticate a user via an authentication event. Referring to computing device 100, the computing device 100 includes a peripheral, such as first peripheral 102 or second peripheral 104, to authenticate a user via an authentication event corresponding to the peripheral.
[0017] At 204, upon receiving the attempt to authenticate the user via the authentication event, the computing device determines whether the authentication is a valid attempt for allowing access of the computing device to the user. If the authentication event is not validated, method 200 returns to 202.
[0018] Otherwise, method 200 proceeds to 206, where the computing device selects an authentication profile based on the authentication event used at 202. For example, if the authentication event corresponds to an insertion or tap of a smart card, a first authentication profile may be initiated. If the authentication event corresponds to biometric identifiers, such as a fingerprint, facial recognition, or iris recognition, a second authentication profile may be initiated. If the authentication event corresponds to the use of an NFC capable device/card, a third authentication profile may be initiated.
[0019] At 208, the computing device initiates the authentication profile to launch a customized set of programs or tasks. As mentioned above, various authentication profiles may be initiated for a user, based on the authentication event used. As a result, based on the authentication event used by the user, a unique experience may be provided to the user upon logging into the computing device 100. As an example, the customized set of programs or tasks includes a predefined set of applications, remote sessions, and/or websites to launch upon the user logging into the computing device. For programs requiring user credentials, such as an application or remote session, the authentication profile may also pass through the authentication information of the user, in order to seamlessly log in to the application or remote session. As an example, if the application or remote session supports pass through credentials, an authentication token may be passed through to this application or remote session, once the authentication profile is initiated.
[0020] Once the customized set of programs or tasks are launched on the computing device, including the programs that require pass through credentials, the computing device is ready for use by the user, with the routine programs used by the user loaded. The computing device remains available for the user until the user authentication is revoked. As an example, user authentication may be revoked by the user itself or when another user attempts to log into the computing device. Referring to method 200, at 210, the computing device determines whether it receives an attempt to revoke user authentication, for example, by the user. At 212, the computing device determines whether it receives an attempt to authenticate another user, for example, by the other user attempting to authenticate itself via an authentication event, as described above. If neither attempt is received at 210 or 212, the computing device remains logged in for the original user. However, as an example, if the user forgets to revoke user authentication, the computing device may revoke the user authentication, for security purposes, for example, after a certain period of inactivity at the computing device, or when a presence sensor has detected that the user has left the vicinity of the computing device.
[0021] At 214, if the computing device receives either an attempt to revoke user authentication at 210 or an attempt to authenticate another user at 212, the computing device terminates the customized set of programs, or any programs that remain open, and then returns to 202. Automatically closing active applications, remote sessions, and websites, for example, when a user leaves or logs out from the computing device, improves overall security. Examples include cleaning up the browsing history, application history, and deleting temporary files. As an example, terminating the customized set of programs includes signing out of the programs from the customized set of programs requiring user credentials, as described above. In addition, upon terminating the customized set of programs, the computing device may initiate local OS events such as logoff, restart, shutdown, and lock.
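The flow of method 200 (steps 202 to 214), modelled as an added example that is not code from the patent or its applicant. The profile table, program names and token strings are constructed, and tearing the session down on any new valid authentication (not only another user's) is an assumption; `revoke` also returns the manually launched programs that survive revocation.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed profile table: authentication event -> [(program, needs_credentials)].
PROFILES = {
    "smart_card": [("ehr_client", True), ("rdp_session", True)],
    "fingerprint": [("mail", True), ("intranet_site", False)],
    "nfc": [("kiosk_browser", False)],
}


@dataclass
class Program:
    name: str
    launched_by_profile: bool
    token: Optional[str] = None  # pass-through credential, if the program needs one


@dataclass
class Workstation:
    idle_limit: float = 300.0
    user: Optional[str] = None
    programs: list = field(default_factory=list)
    last_activity: float = 0.0
    audit: list = field(default_factory=list)

    def authenticate(self, user, event, valid, now):
        """Steps 202-208: validate, select the profile by event, launch its programs."""
        if not valid or event not in PROFILES:
            self.audit.append(("rejected", user, event))
            return False  # back to 202; any current session is untouched
        if self.user is not None:
            # Step 212 -> 214. Assumption: any new valid authentication tears the
            # old session down, including a re-authentication by the same user.
            self.revoke("superseded")
        self.user, self.last_activity = user, now
        for name, needs_credentials in PROFILES[event]:
            token = f"token:{user}:{name}" if needs_credentials else None
            self.programs.append(Program(name, True, token))
            self.audit.append(("launch", user, name))
        return True

    def launch_manually(self, name):
        """A program the user starts outside the profile."""
        self.programs.append(Program(name, False))

    def revoke(self, reason):
        """Step 214: sign out credentialed programs, then terminate the profile's set."""
        survivors = []
        for prog in self.programs:
            if not prog.launched_by_profile:
                survivors.append(prog)  # may not be affected by revocation
                continue
            if prog.token is not None:
                self.audit.append(("sign_out", self.user, prog.name))
                prog.token = None  # drop the credential before the process goes away
            self.audit.append(("terminate", self.user, prog.name))
        self.programs = survivors
        self.audit.append(("revoked", self.user, reason))
        self.user = None
        return [p.name for p in survivors]  # what the next user will inherit

    def tick(self, now, user_present=True):
        """Revoke on inactivity or when a presence sensor says the user has left."""
        if self.user is None:
            return False
        if not user_present or now - self.last_activity >= self.idle_limit:
            self.revoke("absent" if not user_present else "idle")
            return True
        return False


def demo():
    ws = Workstation(idle_limit=300)
    ws.authenticate("alice", "smart_card", valid=True, now=0)
    ws.launch_manually("notes_editor")
    ws.authenticate("bob", "nfc", valid=True, now=60)  # supersedes alice
    return ws
```

In `demo()`, `notes_editor` outlives the first user's session, which is the carry-over to look for when auditing a shared workstation that only terminates the profile's own programs.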
[0022] FIG. 3 is a flow diagram 300 of steps taken by a computing device to implement a method for authenticating a user via an authentication event, according to an example. Although the flow diagram of FIG. 3 shows a specific order of execution, the order of execution may differ from that which is depicted. For example, the order of execution of two or more blocks or arrows may be scrambled relative to the order shown. Also, two or more blocks shown in succession may be executed concurrently or with partial concurrence. All such variations are within the scope of the present invention.
[0023] At 310, the computing device receives an attempt to authenticate a user via an authentication event. As described above, the computing device includes peripherals to authenticate the user via an authentication event corresponding to the peripheral used.
[0024] At 320, upon validating the authentication event used, the computing device determines which authentication profile to initiate for the user to use the computing device. As an example of determining which authentication profile to initiate, the computing device selects an authentication profile based on the authentication event used. For example, if the authentication event corresponds to an insertion or tap of a smart card, a first authentication profile may be initiated. If the authentication event corresponds to biometric identifiers, such as a fingerprint, facial recognition, or iris recognition, a second authentication profile may be initiated. If the authentication event corresponds to the use of an NFC capable device/card, a third authentication profile may be initiated.
[0025] At 330, the computing device initiates the determined authentication profile to launch a customized set of programs on the computing device for the user. As an example, a first authentication profile is initiated when a first authentication event is used, and a second authentication profile is initiated when a second authentication event is used. As a result, the customized set of programs launched when the first authentication profile is initiated may be different from the customized set of programs launched when the second authentication profile is initiated. As an example, for programs from the customized set of programs requiring authentication, the computing device passes through credentials for the first user to the programs requiring the authentication.
[0026] Once the customized set of programs or tasks are launched on the computing device, including the programs that require pass through credentials, the computing device is ready for use by the user, with the routine programs used by the user loaded. The computing device remains available for the user until the user authentication is revoked, as described above.
[0027] It is appreciated that examples described may include various components and features. It is also appreciated that numerous specific details are set forth to provide a thorough understanding of the examples. However, it is appreciated that the examples may be practiced without limitations to these specific details. In other instances, well known methods and structures may not be described in detail to avoid unnecessarily obscuring the description of the examples. Also, the examples may be used in combination with each other.
[0028] Reference in the specification to "an example" or similar language means that a particular feature, structure, or characteristic described in connection with the example is included in at least one example, but not necessarily in other examples. The various instances of the phrase "in one example" or similar phrases in various places in the specification are not necessarily all referring to the same example.
[0029] It is appreciated that the previous description of the disclosed examples is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these examples will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other examples without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the examples shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims
1. A method comprising:
receiving, at a computing device, an attempt to authenticate a first user via an authentication event;
upon validating the authentication event used, determining which authentication profile to initiate for the first user to use the computing device; and
initiating the determined authentication profile to launch a customized set of programs on the computing device for the first user.
2. The method of claim 1, wherein determining which authentication profile to initiate comprises selecting an authentication profile based on the authentication event used.
3. The method of claim 2, wherein a first authentication profile is initiated when a first authentication event is used, and a second authentication profile is initiated when a second authentication event is used.
4. The method of claim 3, wherein the customized set of programs launched when the first authentication profile is initiated is different from the customized set of programs launched when the second authentication profile is initiated.
5. The method of claim 1, comprising:
receiving, at the computing device, an attempt to revoke user authentication; and
upon receiving the attempt to revoke the user authentication, terminating the customized set of programs.
6. The method of claim 5, comprising, for programs from the customized set of programs requiring authentication, passing through credentials for the first user to the programs requiring the authentication.
7. The method of claim 6, wherein terminating the customized set of programs comprises signing out of the programs from the customized set of programs requiring the authentication.
8. The method of claim 1, comprising:
receiving, at the computing device, an attempt to authenticate a second user via a second authentication event;
upon validating the second authentication event used, terminating the customized set of programs for the first user; and
launching a customized set of programs on the computing device for the second user.
9. A computing device comprising:
a first peripheral to authenticate a user via a first authentication event;
a second peripheral to authenticate the user via a second authentication event different from the first authentication event; and
a processor to:
receive an attempt to authenticate the user via the first or second authentication event;
upon validating the authentication event used, select an authentication profile to initiate for the user to use the computing device, based on the authentication event used; and
initiating the selected authentication profile to launch a customized set of programs on the computing device for the user.
10. The computing device of claim 9, wherein a first authentication profile is initiated when the first authentication event is used, and a second authentication profile is initiated when the second authentication event is used.
11. The computing device of claim 10, wherein the customized set of programs launched when the first authentication profile is initiated is different from the customized set of programs launched when the second authentication profile is initiated.
12. The computing device of claim 9, wherein the processor is to:
receive an attempt to revoke user authentication; and
upon receiving the attempt to revoke the user authentication, terminate the customized set of programs.
13. A non-transitory computer-readable storage medium comprising program instructions which, when executed by a processor, cause the processor to:
receive, at a computing device, an attempt to authenticate a user via an authentication event;
upon validating the authentication event used, determine which authentication profile to initiate for the user to use the computing device;
initiate the determined authentication profile to launch a customized set of programs on the computing device for the user.
receive an attempt to revoke user authentication at the computing device; and
upon receiving the attempt to revoke the user authentication, terminate the customized set of programs.
14. The non-transitory computer-readable storage medium of claim 13, wherein for programs from the customized set of programs requiring authentication, comprising program instructions which, when executed by the processor, cause the processor to pass through credentials for the user to the programs requiring the authentication.
15. The non-transitory computer-readable storage medium of claim 14, wherein the program instructions to cause the processor to terminate the customized set of programs comprises program instructions to cause the processor to sign out of the programs from the customized set of programs requiring the authentication.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201880092741.3A CN112020714A (en) | 2018-07-20 | 2018-07-20 | Authentication profiles for users |
US17/045,527 US11822628B2 (en) | 2018-07-20 | 2018-07-20 | Authentication profiles for users |
PCT/US2018/042979 WO2020018108A1 (en) | 2018-07-20 | 2018-07-20 | Authentication profiles for users |
EP18926913.7A EP3756115A4 (en) | 2018-07-20 | 2018-07-20 | Authentication profiles for users |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020018108A1 (en) | 2020-01-23 |
Family
ID=69163732
Country Status (4)
Country | Link |
---|---|
US (1) | US11822628B2 (en) |
EP (1) | EP3756115A4 (en) |
CN (1) | CN112020714A (en) |
WO (1) | WO2020018108A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11280829B1 (en) * | 2019-12-19 | 2022-03-22 | Xlnx, Inc. | System-on-chip having secure debug mode |
-
2018
- 2018-07-20 CN CN201880092741.3A patent/CN112020714A/en active Pending
- 2018-07-20 US US17/045,527 patent/US11822628B2/en active Active
- 2018-07-20 WO PCT/US2018/042979 patent/WO2020018108A1/en unknown
- 2018-07-20 EP EP18926913.7A patent/EP3756115A4/en active Pending
Also Published As
Publication number | Publication date |
---|---|
US20210165861A1 (en) | 2021-06-03 |
EP3756115A4 (en) | 2021-08-11 |
EP3756115A1 (en) | 2020-12-30 |
US11822628B2 (en) | 2023-11-21 |
CN112020714A (en) | 2020-12-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18926913 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2018926913 Country of ref document: EP Effective date: 20200923 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |