WO2020183233A1 - Systems and methods for detecting the presence of a user at a computer - Google Patents


Info

Publication number
WO2020183233A1
Authority
WO
WIPO (PCT)
Prior art keywords
computer
disabling
radio transceiver
network hardware
human user
Application number
PCT/IB2020/000143
Other languages
French (fr)
Inventor
Matthew Wootton
Boris Dieseldorff
Original Assignee
Ivani, LLC
Priority claimed from US16/298,530 (US11350238B2)
Application filed by Ivani, LLC
Publication of WO2020183233A1

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/06 Authentication > H04W 12/065 Continuous authentication
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/60 Context-dependent security > H04W 12/63 Location-dependent; Proximity-dependent > H04W 12/64 Location-dependent; Proximity-dependent using geofenced areas
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/12 Detection or prevention of fraud > H04W 12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/12 Detection or prevention of fraud > H04W 12/122 Counter-measures against attacks; Protection against rogue devices

Definitions

  • This disclosure is related to the field of computer security.
  • It relates to the use of networking equipment to secure a computer system and/or detect an intruder within a detection area.
  • Computer security is the protection of the integrity or safety of computers, particularly from theft or damage of hardware, software, or information or data. This includes interference with normal computer operation, such as through denial-of-service attacks, or other disruption or misdirection of services provided or made available by computer systems.
  • malware may, for example, scan the device for valuable confidential information and acquire credentials for access to financial accounts. This data is then transmitted from the infected machine to the hacker.
  • Other malware uses compromised machines to form a botnet and then attack other systems over a network.
  • Still other malware uses a compromised computer to mine cryptocurrency. These attacks have one feature in common in that they rely on the use of networking hardware to complete the attack.
  • malware is initially installed due to unpatched security flaws, authorized users improperly providing access, or a combination of those.
  • “Hacking” is sometimes dramatized as sophisticated computer programmers using specialized software or hardware systems to break into secured computers; in reality, hacking is more often accomplished by tricking a person who already has secure access into voluntarily providing access, which can range from providing confidential authentication credentials to improperly hitting “ok” on a prompt.
  • Another way to gain unauthorized access is to use a known attack on a large set of computers and simply accept that computers with up-to-date security patches will be immune. The cost and effort involved in hacking a system with a custom hack is generally prohibitive, so these easier, more reliable and faster hacks are preferred.
  • When an authorized user is tricked into providing credentials, it is often also difficult to track and nearly impossible to prevent. Because modern computer systems, properly maintained, are very difficult to hack, methods that don’t have to subvert a properly maintained modern security system are preferred.
  • Another way malware may initially be installed is for someone to install it on an unattended computer.
  • Computer systems may be accessible while unattended in any number of circumstances. For example, a computer may be left unattended in a public place for a short period of time, such as while the user is refilling a drink at a coffee shop, or using the bathroom. Additionally, many publicly accessible computers can be found unattended at libraries, universities, and other similar types of locations.
  • a method for securing an unattended computer system comprising: providing a computer having a radio transceiver; providing a human user in physical proximity to the computer to use the computer; the human user manipulating the computer to provide authentication credentials for the human user to access the computer; validating, at the computer, the authentication credentials; detecting, when the authentication credentials are validated, the physical proximity to the computer of the human user, the detecting comprising network presence sensing using the radio transceiver;
  • securing the computer from unauthorized use comprises the computer executing a security action.
  • the security action is selected from the group consisting of: locking the computer; setting the computer to sleep mode; disabling the radio transceiver; disabling network hardware of the computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at the computer; and deleting data stored at the computer.
  • the disabling the radio transceiver comprises discontinuing electric power to the radio transceiver or network hardware, and the disabling the network hardware of the computer comprises discontinuing electric power to the network hardware.
  • the method further comprises: after the securing the computer from unauthorized use, a second human user manipulating the computer to provide second authentication credentials for the second human user to access the computer; determining that the second authentication credentials are invalid; after the determining that the second authentication credentials are invalid, further securing the computer from unauthorized use.
  • the human user and the second human user are not the same.
  • the further securing the computer from unauthorized use comprises the computer executing a security action.
  • the security action is selected from the group consisting of: locking the computer; setting the computer to sleep mode; disabling the radio transceiver; disabling network hardware of the computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at the computer; and deleting data stored at the computer.
  • the disabling the radio transceiver comprises discontinuing electric power to the radio transceiver or network hardware.
  • the disabling the network hardware of the computer comprises discontinuing electric power to the network hardware.
  • a system for securing an unattended computer system comprising: a computer having a manually operable interface for receiving user input, a radio transceiver, a microprocessor, and a non-transitory, computer-readable storage medium having stored thereon program instructions which, when executed by the microprocessor, cause the computer to perform the steps of: receiving, via the interface, user input comprising authentication credentials for a human user to access the computer; validating the authentication credentials; detecting, when the authentication credentials are validated, the physical proximity to the computer of the human user, the detecting comprising network presence sensing using the radio transceiver; repeating the detecting step until the human user is no longer detected in physical proximity to use the computer; and after the human user is no longer detected in physical proximity to use the computer, securing the computer from unauthorized use.
  • the securing the computer from unauthorized use comprises the computer executing a security action.
  • the security action is selected from the group consisting of: locking the computer; setting the computer to sleep mode; disabling the radio transceiver; disabling network hardware of the computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at the computer; and deleting data stored at the computer.
  • the disabling the radio transceiver comprises discontinuing electric power to the radio transceiver or network hardware.
  • the disabling the network hardware of the computer comprises discontinuing electric power to the network hardware.
  • the program instructions when executed by the microprocessor, further cause the computer to perform the steps of: after the securing the computer from unauthorized use, receiving, via the interface, second user input comprising second authentication credentials for a second human user to access the computer; determining that the second authentication credentials are invalid; and after the determining that the second authentication credentials are invalid, further securing the computer from unauthorized use.
  • the further securing the computer from unauthorized use comprises the computer executing a security action.
  • the security action is selected from the group consisting of: locking the computer; setting the computer to sleep mode; disabling the radio transceiver; disabling network hardware of the computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at the computer; and deleting data stored at the computer.
  • the disabling the radio transceiver comprises discontinuing electric power to the radio transceiver or network hardware.
  • the disabling the network hardware of the computer comprises discontinuing electric power to the network hardware.
  • FIG. 1 is a schematic diagram of an embodiment of a network presence sensing (NPS) system.
  • FIG. 2 is a flow chart of an embodiment of an NPS method.
  • FIG. 3A depicts a schematic diagram of a system for change detection in a detection network over time.
  • FIG. 3B depicts a schematic diagram of a system for detecting changes in locations of humans in a detection network over time.
  • FIGS. 4A and 4B depict, respectively, an embodiment of a system and method for detecting presence of a human user at a computer and taking a security action.
  • FIG. 5 depicts an embodiment of systems and methods to provide conditional access to a resource.
  • FIG. 6 depicts an embodiment of the systems and methods described herein at a facility level to filter network traffic.
  • the term “computer” describes hardware which generally implements functionality provided by digital computing technology, particularly computing functionality associated with microprocessors.
  • the term “computer” is not intended to be limited to any specific type of computing device, but it is intended to be inclusive of all computational devices including, but not limited to: processing devices, microprocessors, personal computers, desktop computers, laptop computers, workstations, terminals, servers, clients, portable computers, handheld computers, cell phones, mobile phones, smart phones, tablet computers, server farms, hardware appliances, minicomputers, mainframe computers, video game consoles, handheld video game products, and wearable computing devices including but not limited to eyewear, wristwear, pendants, fabrics, and clip-on devices.
  • a “computer” is necessarily an abstraction of the functionality provided by a single computer device outfitted with the hardware and accessories typical of computers in a particular role.
  • the term “computer” in reference to a laptop computer would be understood by one of ordinary skill in the art to include the functionality provided by pointer-based input devices, such as a mouse or track pad, whereas the term “computer” used in reference to an enterprise-class server would be understood by one of ordinary skill in the art to include the functionality provided by redundant systems, such as RAID drives and dual power supplies.
  • the functionality of a single computer may be distributed across a number of individual machines. This distribution may be functional, as where specific machines perform specific tasks; or, balanced, as where each machine is capable of performing most or all functions of any other machine and is assigned tasks based on its available resources at a point in time.
  • the term “computer” as used herein can refer to a single, standalone, self-contained device or to a plurality of machines working together or independently, including without limitation: a network server farm, “cloud” computing system, software-as-a-service, or other distributed or collaborative computer networks.
  • the terms “media” and “medium” mean one or more volatile and/or non-volatile computer readable medium.
  • the computer readable medium may be a computer readable signal medium or a computer readable storage medium.
  • a computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing.
  • a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
  • a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof.
  • a computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
  • the term “software” refers to code objects, program logic, command structures, data structures and definitions, source code, executable and/or binary files, machine code, object code, compiled libraries, implementations, algorithms, libraries, or any instruction or set of instructions capable of being executed by a computer processor, or capable of being converted into a form capable of being executed by a computer processor, including without limitation virtual processors, or by the use of run-time environments, virtual machines, and/or interpreters.
  • software can be wired or embedded into hardware, including without limitation onto a microchip, and still be considered “software” within the meaning of this disclosure.
  • software includes without limitation: instructions stored or storable in RAM, ROM, flash memory BIOS, CMOS, mother and daughter board circuitry, hardware controllers, USB controllers or hosts, peripheral devices and controllers, video cards, audio controllers, network cards, Bluetooth® and other wireless communication devices, virtual memory, storage devices and associated controllers, firmware, and device drivers.
  • Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
  • the term “transmitter” refers to equipment, or a set of equipment, having the hardware, circuitry, and/or software to generate and transmit electromagnetic waves carrying messages, signals, data, or other information.
  • a transmitter may also comprise the componentry to receive electric signals containing such messages, signals, data, or other information, and convert them to such electromagnetic waves.
  • the term “receiver” refers to equipment, or a set of equipment, having the hardware, circuitry, and/or software to receive such transmitted electromagnetic waves and convert them into signals, usually electrical, from which the message, signal, data, or other information may be extracted.
  • transceiver generally refers to a device or system that comprises both a transmitter and receiver, such as, but not necessarily limited to, a two-way radio, or wireless networking router or access point.
  • all three terms should be understood as interchangeable unless otherwise indicated; for example, the term “transmitter” should be understood to imply the presence of a receiver, and the term “receiver” should be understood to imply the presence of a transmitter.
  • a mobile communication device may be, but is not limited to, a smart phone, tablet PC, e-reader, satellite navigation system (“SatNav”), fitness device (e.g. a Fitbit™ or Jawbone™) or any other type of mobile computer whether of general or specific purpose functionality.
  • a mobile communication device is network-enabled and communicating with a server system providing services over a telecommunication or other infrastructure network.
  • a mobile communication device is essentially a mobile computer, but one which is commonly not associated with any particular location, is also commonly carried on a user’s person, and usually is in near-constant real-time communication with a network.
  • FIG. 1 is a schematic diagram of a system and method for NPS according to the above references.
  • FIG. 2 depicts an embodiment (201) of a method for NPS according to the above references.
  • FIGS. 3A and 3B depict embodiments of NPS using change detection according to the above references.
  • Described herein are systems and methods for providing an additional layer of security for computer systems, particularly when unattended.
  • the systems and methods described herein use network presence sensing (NPS) technology to detect the presence or absence of a user at a computer system, and take action in response to secure the computer.
  • the basic components of the systems and methods described herein are determining physical motion, presence, or occupancy of a computer or computer system by a human, and then taking an action in response to secure that computer system.
  • the particulars of NPS are set out in the patent applications mentioned above.
  • As will be understood by a person of ordinary skill in the art, most modern computers, and even many still-functional older computer systems, include some form of wireless network communication, such as a Wi-Fi™ or Bluetooth™ transceiver, which generally includes an antenna.
  • the NPS technologies described in the above-referenced applications can be used in connection with these transceivers to detect the presence of a person within the detection network of the cards, and in connection with other devices associated therewith.
  • modern computer systems use short-range radio-based protocols, such as Bluetooth™, to connect a keyboard and mouse to the computer. It is also common to have peripherals, such as headphones, or wearable devices, such as pedometers or smartwatches, wirelessly paired with the computer.
  • at least one wireless device is communicating wirelessly with a given computer in any given circumstance. These devices may be utilized to perform NPS as described herein.
  • In a public space, for example, the computer is generally communicating via Wi-Fi™ with a wireless router managed by the venue.
  • the computer may use a cellular or satellite data connection. This may be direct or via tethering, e.g., using data telecommunications connections of a separate device. Due to the close range required for a person to physically interact with the computer, the presence of the person is usually detectable by NPS.
  • the systems and methods described herein generally comprise a computer (101) of a user having at least one wireless transceiver (102) associated therewith.
  • the transceiver (102) is part of the computer (101) as shown, but other relationships are possible.
  • the transceiver (102) could be externally connected and separable, such as via USB.
  • the transceiver (102) wirelessly transmits to at least one external device (103A) and/or (103B).
  • This may be, by way of example and not limitation, a peripheral device such as a keyboard (103A) or mouse (103B) as depicted in FIG. 4A.
  • the transceiver (102) may communicate with a wireless network device (105).
  • Such a device (105) may be, but is not necessarily limited to, a wireless router (105), as depicted in FIG. 4A.
  • the devices (103A) and (103B) in turn may have wireless transmitters (100A) and (100B), respectively.
  • Authentication (203) may be through any means now known or later developed in the art.
  • authentication typically comprises entering a user name and/or password, sometimes with an additional token, such as in a two-factor authentication scheme.
  • NPS may be used (205) to determine whether there is an individual currently present at the keyboard.
  • a determination may be made based on the timing of the authentication and the timing of the NPS detection (205), that the person currently at the keyboard is an authorized user. This inference may be drawn because correct authentication credentials were supplied at the time the person was detected by NPS (205). This status is then tracked or stored and presence is continually or periodically maintained for a change in presence.
  • NPS detects a change (207) in human presence at the computer (101). Generally, this is following a period during which a human was consistently detected as being present.
  • the computer (101) may then perform one or more security actions (209). This action will vary from embodiment to embodiment, and from circumstance to circumstance, and may depend upon the particular security settings of the computer (101).
  • These settings may be provided by the user of the computer (101), or established by an administrator or other device management organization.
  • Where the computer (101) is the property of a company, and has been issued to an employee for company use, the information services department of the company may set security policies.
  • Where the computer (101) is owned by or managed by the user directly, the user may set the security policies.
  • These policies are generally represented in configuration and setting data, as will be familiar to a person of ordinary skill in the art.
  • the security action (209) comprises one or more of two major categories of actions: inhibiting access to the computer (101) and/or its data, or inhibiting use of networking hardware.
  • the security actions (209) may range from automatically locking the computer (211), to requiring re-authentication (213), to disabling certain features of the computer.
  • Reauthentication (213) has the advantage of requiring that proper authentication credentials be entered (203) by a person physically proximate to the computer, which allows the use of NPS to once again confirm the presence of an authorized user (205), thus restarting the loop.
  • the computer (101) may take a security action (209) to automatically disable all network access hardware. This may include the transceiver (102). Alternatively and/or additionally, the computer (101) may automatically disable all network access hardware at the hardware level, inhibiting remote attacks from being carried out on the system.
  • other security actions (209) may be taken in conjunction with, or alternatively to, NPS.
  • manual user input may be used to determine the presence or absence of a human at the computer (101).
  • the user may set an alarm when he or she departs to indicate absence.
  • the use of cameras, microphones, weight plates, or other sensors may be used to determine that a human is present at the computer (101).
  • NPS continues to operate until a human is once again detected present at the computer.
  • the computer (101) may prompt the user to reenter authentication credentials (203), requiring the newly detected human to establish that he or she is an authorized user of the computer (101). If the human fails to establish that he or she is an authorized user, the computer (101) may refuse access, or take a second security action (209).
  • This second security action (209) may be the same, or different, from a previously taken security action (209).
  • the computer (101) may encrypt sensitive information, enable wireless connectivity long enough to transmit a warning signal, or, in extreme cases, delete sensitive information.
  • Disabling at the software level generally means disabling driver software used to operate the networking hardware (102) or filtering access based on certain rules or policies.
  • a blacklist or whitelist approach may be used, where communications to or from certain Internet Protocol (IP) addresses (or address ranges) is disallowed while no human is detected as being present at the computer.
  • traffic may be filtered at the packet level based on source or destination port, protocol type, characteristics of payloads, originating application, or address. These are typical operating system functions that usually can be carried out using standard system administration and configuration software. This approach provides significant flexibility in the specific security action taken, but has certain limitations when facing a sophisticated attack.
  • a limitation of software disconnections is that an attacker could re-enable the drivers or modify the filter rules or policies.
  • With a hardware disconnect, the physical ability to utilize the network hardware (102) at all is eliminated. This means that no amount of software tampering can re-enable wireless access. From the point of view of the operating system, the wireless card (102) is simply not present.
  • disabling at the hardware level would generally require specialized hardware specifically configured and designed to support this function.
  • the security action (209) may comprise encrypting and/or decrypting sensitive information.
  • this may comprise encrypting and/or decrypting specifically designated folders, drives, or data files.
  • While no user is detected, the decryption key required to decrypt the encrypted information is disabled and/or removed, preventing access or use of the encrypted information.
  • Once presence is detected again, this key is once again made available, and the encrypted information can be decrypted for access and use. This allows flexibility in that certain portions of the computer (101) are still usable as normal without requiring presence in the detection area.
  • the systems and methods provide conditional access to encrypted data.
  • an encrypted storage medium (107) contains encrypted data decryptable using a key (111).
  • This data is available, encrypted, via a data stream (109).
  • In the encrypted stream (109) format, the data is essentially unusable until decrypted using the key (111).
  • the key (111) is stored on or otherwise available to the computer (101).
  • the security action (209) comprises revoking access to the key (111), rendering the stream (109) unusable.
  • the key (111) thus is only accessible while presence of a user is detected in the detection area.
  • the system could determine that the user is authorized by requiring a password to permit access to the medium (107) or to the key (111).
  • keys may also be managed in this fashion.
  • keys may be used to sign transactions for a public ledger system, such as a blockchain.
  • a blockchain wallet is often stored on a removable media, such as thumb drive, and connected to the computer (and thus, connected to the network) only when needed for a transaction. In this state, the wallet is known as a “hot wallet,” and, for security reasons, cryptocurrency users generally only connect the wallet when necessary for transactions.
  • a wallet that is not connected is a “cold” wallet and is invulnerable to hacking while disconnected.
  • a “cold” wallet is inconvenient because the user must keep track of a physical removable media device, which can be lost or stolen, and remember to plug it in and remove it to gain the security advantages. This is annoying, inconvenient, and introduces risk of the media being misplaced, and the wallet being lost.
  • One embodiment of the systems and methods described herein facilitates use of a wallet with the convenience of a hot wallet when a user is detected (205) as being present at the computer, and the safety of a cold wallet when no user is detected as being present at the computer. This could be done, for example, by storing a private key (113) on an encrypted medium (107) that can only be decoded using the key (111) when an authorized user is detected (205) as being present.
  • the method for allowing access to the medium (107) may not require encryption and decryption, but rather, may simply provide or withhold electrical power to the medium (107).
  • the encrypted medium (107) may not be an entire physical drive, but may instead be a partition, folder, or other subdivision of a physical drive.
  • This concept may be used at a facility level.
  • An exemplary embodiment is depicted in Fig. 6.
  • residential internet access is provided via an internet service provider (115) (ISP).
  • the ISP (115) may determine whether Internet access (117) is permitted for a given subscriber based at least in part on whether the associated residence (119) is contemporaneously detected using NPS as being occupied.
  • the ISP (115) may conduct certain filtering of transmissions to or from the home (119), such as disallowing connections of any kind, allowing only connections from trusted sources (e.g., whitelist strategy), which may be defined by the ISP, user, or both, or disallowing connections from specific sources (e.g., blacklist strategy), or suspect sources as defined by the ISP, user, both, or a third party. Additionally, or alternatively, some combination of these strategies may be used. This can prevent or reduce risk of a remote threat while allowing normal usage while users are home (119). Additionally and/or alternatively, other methods of determining presence and/or identity as an authorized user may be used; for example, disarming a house alarm with a confidential code could demonstrate the presence of an authorized user.
  • behavior information can be used to flag a service as potentially suspicious and create a warning to users, ISPs, service creators, or any other parties, so that they can act to resolve the root issue.
  • behavior information may include changes to traffic characteristics generated by a particular program or computer. If, for example, a game ordinarily produces, on a regular basis, a certain amount of network bandwidth, but unexpectedly begins to consume far more, it might be inferred that the sudden and unexpected change in behavior is caused by malicious programming.
  • the computer in a given facility which may be a commercial or business building, or a home, may be connected to a home automation system and receive inputs from that system concerning the occupancy of the facility.
  • a room or office containing the computer in question may include occupancy sensors, such as motion sensors within the room, or sensors that detect whether the door is open or closed.
  • this information may be provided to the computer, which may immediately respond with a change to its security state or other operation of automation systems (e.g., lighting, HVAC, etc.).
  • the computer may immediately go into a lock screen, or a sleep or standby mode.
  • presence indicators are used to protect the computer from threats in a more immediate and responsive way than do current systems.
  • the two major forms of physical computer security in use now are manually locking, which users generally forget to do, or locking after a predetermined time out.
  • predetermined time outs still run the risk of a given computer being available in an unlocked and unsecure state for some amount of time unattended.
  • Such devices do not currently require a second factor to be unlocked. This second factor of human presence would be provided by the invention described herein.
  • An additional benefit of this system is that access to the computers may be disabled, while the computer acts as a node in the network presence sensing system as described in the patent applications referenced above.
  • energy savings commands may be distributed to or from the computer system which will result in energy savings by disabling the computer when nobody is present. This prevents the problem of timeouts continuing to have the computer running and wasting energy when it is not in use and nobody is present at it.
  • Another use of this system is to provide information in a computing pool.
  • a computing pool can be generally thought of as a pool of computers ordinarily used by individual users in which unused computing power may be shared.
  • the above embodiments can be varied in a number of ways.
  • the method of detecting that a user is nearby, the optional method of detecting whether a user is authorized, and the actions taken may all be varied.
  • many different methods can determine the presence of a user such as: NPS (with or without the computer being part of the presence sensing network), PIR sensors, weight plates, cameras, and/or microphones.
  • many different methods can determine that the user is authorized, such as: a password entered at the computer, disarming an alarm, or biometric information as determined by a sensor (note that this could be the same sensor that detected presence, such as an NPS sensing network, a camera or a microphone).
  • many different actions may be taken, such as: locking a computer, changing the power state of the whole computer or a particular piece of hardware, changing firewall settings, disabling a driver, encrypting a file or a drive; note that these actions may extend beyond security to provide other benefits, such as power savings, more predictable bandwidth utilization, or to inform a controller about the computer’s availability in a computing pool.
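The occupancy-gated filtering of the Fig. 6 embodiment above, as an added example that is not code from the patent or from Ivani: an ISP-side (or gateway-side) decision function that passes traffic normally while NPS reports the residence occupied and otherwise applies the block-all, whitelist, blacklist or combined strategy, with source lists contributed separately by the ISP, the subscriber and a third party. The `Strategy`/`Policy` names, the `decide` function and the sample sources are constructed for the example.

```python
"""Occupancy-gated upstream filtering (Fig. 6 embodiment).

Added example, not the patent's or Ivani's code: traffic to or from a
residence is filtered only while network presence sensing (NPS) reports
the home unoccupied. Names and sample values are constructed.
"""
from dataclasses import dataclass, field
from enum import Enum


class Strategy(Enum):
    BLOCK_ALL = "block_all"    # disallow connections of any kind
    WHITELIST = "whitelist"    # allow only trusted sources
    BLACKLIST = "blacklist"    # disallow specific or suspect sources
    COMBINED = "combined"      # whitelist and blacklist applied together


@dataclass
class Policy:
    strategy: Strategy
    # Source lists are kept per contributing party (ISP, user, third party)
    # so each party's contribution can be reviewed and revoked separately.
    trusted: dict = field(default_factory=dict)   # party -> set of sources
    suspect: dict = field(default_factory=dict)   # party -> set of sources

    def all_trusted(self):
        return set().union(*self.trusted.values())

    def all_suspect(self):
        return set().union(*self.suspect.values())


def decide(policy, source, occupied):
    """Return (allowed, reason) for one connection to or from the home."""
    if occupied:
        return True, "occupied: normal usage"      # no filtering while someone is home
    if policy.strategy is Strategy.BLOCK_ALL:
        return False, "unoccupied: all connections disallowed"
    trusted, suspect = policy.all_trusted(), policy.all_suspect()
    if policy.strategy is Strategy.WHITELIST:
        ok = source in trusted
        return ok, "unoccupied: " + ("trusted source" if ok else "not whitelisted")
    if policy.strategy is Strategy.BLACKLIST:
        bad = source in suspect
        return not bad, "unoccupied: " + ("suspect source" if bad else "not blacklisted")
    # COMBINED: the source must be whitelisted and must not be flagged by anyone.
    if source not in trusted:
        return False, "unoccupied: not whitelisted"
    if source in suspect:
        return False, "unoccupied: whitelisted but flagged suspect"
    return True, "unoccupied: whitelisted and not suspect"


def filter_events(policy, events):
    """events: iterable of (source, occupied); returns a list of
    (source, occupied, allowed, reason) decisions."""
    return [(src, occ) + decide(policy, src, occ) for src, occ in events]


def demo():
    """Constructed combined policy and a constructed sequence of connections."""
    policy = Policy(
        Strategy.COMBINED,
        trusted={"isp": {"updates.example", "dns.example"},
                 "user": {"work-vpn.example"}},
        suspect={"third_party": {"work-vpn.example", "c2.example"}},
    )
    events = [
        ("c2.example", True),          # someone is home: passes untouched
        ("c2.example", False),         # empty house: not whitelisted
        ("updates.example", False),    # trusted and not suspect
        ("work-vpn.example", False),   # user trusts it, third party flags it
        ("dns.example", False),
        ("random.example", False),
    ]
    return filter_events(policy, events)
```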

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Systems and methods for securing an unattended computer. The systems and methods provide an additional layer of security for computer systems by using network presence sensing (NPS) to detect the presence or absence of a user physically present at a computer system and, if an authorized user is detected as having departed, taking a security action in response. The response may be to lock the computer, encrypt sensitive data, and so forth. The concept may also be applied at a facilities level, in computing pools, and in other instances where the physical presence or absence of a user at a computer is indicative of a need for a change in system state. This change could be security related, or could pertain to other resources.

Description

Systems and Methods for Detecting the Presence of a User at a Computer
CROSS-REFERENCE TO RELATED APPLICATIONS
[001] This application is a Continuation of and claims priority to United States Utility Patent Application Serial No.: 16/298,530, filed March 11, 2019, the entire disclosure of which is herein incorporated by reference.
BACKGROUND OF THE INVENTION
Field of the Invention
[002] This disclosure is related to the field of computer security. In particular, it relates to the use of networking equipment to secure a computer system and/or detect an intruder within a detection area.
Description of the Related Art
[003] Computer security, sometimes colloquially known as cybersecurity, is the protection of the integrity or safety of computers, particularly from theft or damage of hardware, software, or information or data. This includes interference with normal computer operation, such as through denial-of-service attacks, or other disruption or misdirection of services provided or made available by computer systems.
[004] One common way computer systems are compromised is by gaining unauthorized access to the computer and then deploying hidden malware on the compromised machine. Such malware may, for example, scan the device for valuable confidential information and acquire credentials for access to financial accounts. This data is then transmitted from the infected machine to the hacker. Other malware uses compromised machines to form a botnet and then attack other systems over a network. Still other malware uses a compromised computer to mine cryptocurrency. These attacks have one feature in common in that they rely on the use of networking hardware to complete the attack.
[005] Most malware is initially installed due to unpatched security flaws, authorized users improperly providing access, or a combination of those. “Hacking” is sometimes dramatized as sophisticated computer programmers using specialized software or hardware systems to break into secured computers; in reality, hacking is more often accomplished by tricking a person who already has secure access into voluntarily providing access, which can range from providing confidential authentication credentials to improperly hitting “ok” on a prompt. Another way to gain unauthorized access is to use a known attack on a large set of computers and simply accept that computers with up-to-date security patches will be immune. The cost and effort involved in hacking a system with a custom hack is generally prohibitive, so these easier, more reliable and faster hacks are preferred. In the case of the authorized user that is tricked into providing credentials, it is often also difficult to track and nearly impossible to prevent. Because modern computer systems, properly maintained, are very difficult to hack, methods that don’t have to subvert a properly maintained modern security system are preferred.
[006] Another way malware may initially be installed is for someone to install it on an unattended computer. Computer systems may be accessible while unattended in any number of circumstances. For example, a computer may be left unattended in a public place for a short period of time, such as while the user is refilling a drink at a coffee shop, or using the bathroom. Additionally, many publicly accessible computers can be found unattended at libraries, universities, and other similar types of locations.
[007] There is a need in the art to diminish the ability of an attacker to use initial access to a computer system to further attack said computer or, as part of a botnet, other computers.
SUMMARY OF THE INVENTION
[008] The following is a summary of the invention in order to provide a basic understanding of some aspects of the invention. This summary is not intended to identify key or critical elements of the invention or to delineate the scope of the invention. The sole purpose of this section is to present some concepts of the invention in a simplified form as a prelude to the more detailed description that is presented later.
[009] Because of these and other problems in the art, described herein, among other things, is a method for securing an unattended computer system comprising: providing a computer having a radio transceiver; providing a human user in physical proximity to the computer to use the computer; the human user manipulating the computer to provide authentication credentials for the human user to access the computer; validating, at the computer, the authentication credentials; detecting, when the authentication credentials are validated, the physical proximity to the computer of the human user, the detecting comprising network presence sensing using the radio transceiver;
repeating the detecting step until the human user is no longer detected in physical proximity to use the computer; and after the human user is no longer detected in physical proximity to use the computer, detecting that the detected user is no longer in physical proximity to use the computer, securing the computer from unauthorized use.
[010] In a further embodiment of the method, securing the computer from unauthorized use comprises the computer executing a security action.
[011] In a further embodiment of the method, the security action is selected from the group consisting of: locking the computer; setting the computer to sleep mode; disabling the radio transceiver; disabling network hardware of the computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at the computer; and deleting data stored at the computer.
[012] In a further embodiment of the method, the disabling the radio transceiver comprises discontinuing electric power to the radio transceiver or network hardware, and the disabling the network hardware of the computer comprises discontinuing electric power to the network hardware.
[013] In a further embodiment of the method, the method further comprises: after the securing the computer from unauthorized use, a second human user manipulating the computer to provide second authentication credentials for the second human user to access the computer; determining that the second authentication credentials are invalid; after the determining that the second authentication credentials are invalid, further securing the computer from unauthorized use.
[014] In a further embodiment of the method, the human user and the second human user are not the same.
[015] In a further embodiment of the method, the further securing the computer from unauthorized use comprises the computer executing a security action.
[016] In a further embodiment of the method, the security action is selected from the group consisting of: locking the computer; setting the computer to sleep mode; disabling the radio transceiver; disabling network hardware of the computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at the computer; and deleting data stored at the computer.
[017] In a further embodiment of the method, the disabling the radio transceiver comprises discontinuing electric power to the radio transceiver or network hardware, and the disabling the network hardware of the computer comprises discontinuing electric power to the network hardware.
[018] Also described herein, among other things, is a system for securing an unattended computer system comprising: a computer having a manually operable interface for receiving user input, a radio transceiver, a microprocessor, and a non-transitory, computer-readable storage medium having stored thereon program instructions which, when executed by the microprocessor, cause the computer to perform the steps of: receiving, via the interface, user input comprising authentication credentials for a human user to access the computer; validating the authentication credentials; detecting, when the authentication credentials are validated, the physical proximity to the computer of the human user, the detecting comprising network presence sensing using the radio transceiver; repeating the detecting step until the human user is no longer detected in physical proximity to use the computer; and after the human user is no longer detected in physical proximity to use the computer, securing the computer from unauthorized use.
[019] In a further embodiment of the system, the securing the computer from unauthorized use comprises the computer executing a security action.
[020] In a further embodiment of the system, the security action is selected from the group consisting of: locking the computer; setting the computer to sleep mode; disabling the radio transceiver; disabling network hardware of the computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at the computer; and deleting data stored at the computer.
[021] In a further embodiment of the system, the disabling the radio transceiver comprises discontinuing electric power to the radio transceiver or network hardware, and the disabling the network hardware of the computer comprises discontinuing electric power to the network hardware.
[022] In a further embodiment of the system, the program instructions, when executed by the microprocessor, further cause the computer to perform the steps of: after the securing the computer from unauthorized use, receiving, via the interface, second user input comprising second authentication credentials for a second human user to access the computer; determining that the second authentication credentials are invalid; and after the determining that the second authentication credentials are invalid, further securing the computer from unauthorized use.
[023] In a further embodiment of the system, the further securing the computer from unauthorized use comprises the computer executing a security action.
[024] In a further embodiment of the system, the security action is selected from the group consisting of: locking the computer; setting the computer to sleep mode; disabling the radio transceiver; disabling network hardware of the computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at the computer; and deleting data stored at the computer.
[025] In a further embodiment of the system, the disabling the radio transceiver comprises discontinuing electric power to the radio transceiver or network hardware, and the disabling the network hardware of the computer comprises discontinuing electric power to the network hardware.
BRIEF DESCRIPTION OF THE DRAWINGS
[026] FIG. 1 is a schematic diagram of an embodiment of a network presence sensing (NPS) system.
[027] FIG. 2 is a flow chart of an embodiment of an NPS method.
[028] FIG. 3A depicts a schematic diagram of a system for change detection in a detection network over time.
[029] FIG. 3B depicts a schematic diagram of a system for detecting changes in locations of humans in a detection network over time.
[030] FIGS. 4A and 4B depict, respectively, an embodiment of a system and method for detecting presence of a human user at a computer and taking a security action.
[031] FIG. 5 depicts an embodiment of systems and methods to provide conditional access to a resource.
[032] FIG. 6 depicts an embodiment of the systems and methods described herein at a facility level to filter network traffic.
DESCRIPTION OF THE PREFERRED EMBODIMENT(S)
[033] The following detailed description and disclosure illustrates by way of example and not by way of limitation. This description will clearly enable one skilled in the art to make and use the disclosed systems and methods, and describes several embodiments, adaptations, variations, alternatives and uses of the disclosed systems and methods. As various changes could be made in the above constructions without departing from the scope of the disclosures, it is intended that all matter contained in the description or shown in the accompanying drawings shall be interpreted as illustrative and not in a limiting sense.
[034] Throughout this disclosure, the term “computer” describes hardware which generally implements functionality provided by digital computing technology, particularly computing functionality associated with microprocessors. The term “computer” is not intended to be limited to any specific type of computing device, but it is intended to be inclusive of all computational devices including, but not limited to: processing devices, microprocessors, personal computers, desktop computers, laptop computers, workstations, terminals, servers, clients, portable computers, handheld computers, cell phones, mobile phones, smart phones, tablet computers, server farms, hardware appliances, minicomputers, mainframe computers, video game consoles, handheld video game products, and wearable computing devices including but not limited to eyewear, wristwear, pendants, fabrics, and clip-on devices.
[035] As used herein, a “computer” is necessarily an abstraction of the functionality provided by a single computer device outfitted with the hardware and accessories typical of computers in a particular role. By way of example and not limitation, the term “computer” in reference to a laptop computer would be understood by one of ordinary skill in the art to include the functionality provided by pointer-based input devices, such as a mouse or track pad, whereas the term “computer” used in reference to an enterprise-class server would be understood by one of ordinary skill in the art to include the functionality provided by redundant systems, such as RAID drives and dual power supplies.
[036] It is also well known to those of ordinary skill in the art that the functionality of a single computer may be distributed across a number of individual machines. This distribution may be functional, as where specific machines perform specific tasks; or, balanced, as where each machine is capable of performing most or all functions of any other machine and is assigned tasks based on its available resources at a point in time. Thus, the term “computer” as used herein, can refer to a single, standalone, self-contained device or to a plurality of machines working together or independently, including without limitation: a network server farm, “cloud” computing system, software-as-a-service, or other distributed or collaborative computer networks.
[037] Those of ordinary skill in the art also appreciate that some devices which are not conventionally thought of as “computers” nevertheless exhibit the characteristics of a “computer” in certain contexts. Where such a device is performing the functions of a “computer” as described herein, the term “computer” includes such devices to that extent. Devices of this type include but are not limited to: network hardware, print servers, file servers, NAS and SAN, load balancers, and any other hardware capable of interacting with the systems and methods described herein in the manner of a conventional “computer.”
[038] Throughout this disclosure, the terms “media” and “medium” mean one or more volatile and/or non-volatile computer readable medium. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
[039] A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
[040] Throughout this disclosure, the term “software” refers to code objects, program logic, command structures, data structures and definitions, source code, executable and/or binary files, machine code, object code, compiled libraries, implementations, algorithms, libraries, or any instruction or set of instructions capable of being executed by a computer processor, or capable of being converted into a form capable of being executed by a computer processor, including without limitation virtual processors, or by the use of run-time environments, virtual machines, and/or interpreters. Those of ordinary skill in the art recognize that software can be wired or embedded into hardware, including without limitation onto a microchip, and still be considered “software” within the meaning of this disclosure. For purposes of this disclosure, software includes without limitation: instructions stored or storable in RAM, ROM, flash memory BIOS, CMOS, mother and daughter board circuitry, hardware controllers, USB controllers or hosts, peripheral devices and controllers, video cards, audio controllers, network cards, Bluetooth® and other wireless communication devices, virtual memory, storage devices and associated controllers, firmware, and device drivers. The systems and methods described here are contemplated to use computers and computer software typically stored in a computer- or machine-readable storage medium or memory.
[041] Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
[042] Throughout this disclosure, the term “transmitter” refers to equipment, or a set of equipment, having the hardware, circuitry, and/or software to generate and transmit electromagnetic waves carrying messages, signals, data, or other information. A transmitter may also comprise the componentry to receive electric signals containing such messages, signals, data, or other information, and convert them to such electromagnetic waves. The term “receiver” refers to equipment, or a set of equipment, having the hardware, circuitry, and/or software to receive such transmitted electromagnetic waves and convert them into signals, usually electrical, from which the message, signal, data, or other information may be extracted. The term “transceiver” generally refers to a device or system that comprises both a transmitter and receiver, such as, but not necessarily limited to, a two-way radio, or wireless networking router or access point. For purposes of this disclosure, all three terms should be understood as interchangeable unless otherwise indicated; for example, the term “transmitter” should be understood to imply the presence of a receiver, and the term “receiver” should be understood to imply the presence of a transmitter.
[043] For purposes of this disclosure, there will also be significant discussion of a special type of computer referred to as a “mobile communication device” or simply “mobile device”. A mobile communication device may be, but is not limited to, a smart phone, tablet PC, e-reader, satellite navigation system (“SatNav”), fitness device (e.g. a Fitbit™ or Jawbone™) or any other type of mobile computer whether of general or specific purpose functionality. Generally speaking, a mobile communication device is network-enabled and communicating with a server system providing services over a telecommunication or other infrastructure network. A mobile communication device is essentially a mobile computer, but one which is commonly not associated with any particular location, is also commonly carried on a user’s person, and usually is in near-constant real-time communication with a network.
[044] This application should be understood with respect to the systems and methods for detecting the presence of a human within a detection network, or “Network Presence Sensing” (NPS), described in United States Utility Patent Application No. 15/674,328, filed August 10, 2017, United States Utility Patent Application No. 15/600,380, filed May 19, 2017, United States Utility Patent No. 9,693,195, United States Utility Patent No. 9,474,042, United States Provisional Patent Application Number 62/252,954, filed November 9, 2015, and United States Provisional Patent Application Number 62/219,457, filed September 16, 2015. The disclosures of all of these documents are incorporated herein by reference. Various aspects of these disclosures are discussed herein, including NPS, which is, at a high level, the inference of the presence of humans within a detection network based on changes in the characteristics of wireless network signals caused by the absorption of wireless waves by the water mass of the human body within the detection network. FIG. 1 is a schematic diagram of a system and method for NPS according to the above references. FIG. 2 depicts an embodiment (201) of a method for NPS according to the above references. FIGS. 3A and 3B depict embodiments of NPS using change detection according to the above references.
[045] Described herein are systems and methods for providing an additional layer of security for computer systems, particularly when unattended. The systems and methods described herein use network presence sensing (NPS) technology to detect the presence or absence of a user at a computer system, and take action in response to secure the computer. At a high level, the basic components of the systems and methods described herein are determining physical motion, presence, or occupancy of a computer or computer system by a human, and then taking an action in response to secure that computer system. The particulars of NPS are set out in the patent applications mentioned above.
[046] As will be understood by a person of ordinary skill in the art, most modern computers, and even many still-functional older computer systems, include some form of wireless network communication, such as a Wi-Fi™ or Bluetooth™ transceiver, which generally includes an antenna. The NPS technologies described in the above-referenced applications can be used in connection with these transceivers to detect the presence of a person within the detection network of the cards, and in connection with other devices associated therewith.
[047] For example, many modern computer systems use short-range radio-based protocols, such as Bluetooth™, to connect a keyboard and mouse to the computer. It is also common to have peripherals, such as headphones, or wearable devices, such as pedometers or smartwatches, wirelessly paired with the computer. Typically, at least one wireless device is communicating wirelessly with a given computer in any given circumstance. These devices may be utilized to perform NPS as described herein. In a public space, for example, the computer is generally communicating via Wi-Fi™ with a wireless router managed by the venue. Alternatively, the computer may use a cellular or satellite data connection. This may be direct or via tethering, e.g., using data telecommunications connections of a separate device. Due to the close range required for a person to physically interact with the computer, the presence of the person is usually detectable by NPS.
[048] The systems and methods described herein generally comprise a computer (101) of a user having at least one wireless transceiver (102) associated therewith. Typically, the transceiver (102) is part of the computer (101) as shown, but other relationships are possible. For example, the transceiver (102) could be externally and separably connected, such as via USB. In the depicted embodiment of FIG. 4A, the transceiver (102) wirelessly transmits to at least one external device (103A) and/or (103B). This may be, by way of example and not limitation, a peripheral device such as a keyboard (103A) or mouse (103B) as depicted in FIG. 4A. Additionally, and/or alternatively, the transceiver (102) may communicate with a wireless network device (105). Such a device (105) may be, but is not necessarily limited to, a wireless router (105), as depicted in FIG. 4A. The devices (103A) and (103B) in turn may have wireless transmitters (100A) and (100B), respectively.
[049] In an embodiment, when an authorized user begins to use the computer (101), the user generally will initially authenticate (203) him or herself. Authentication (203) may be through any means now known or later developed in the art. Presently, authentication typically comprises entering a user name and/or password, sometimes with an additional token, such as in a two-factor authentication scheme. Once authentication is complete, NPS may be used (205) to determine whether there is an individual currently present at the keyboard. In an embodiment, a determination may be made, based on the timing of the authentication and the timing of the NPS detection (205), that the person currently at the keyboard is an authorized user. This inference may be drawn because correct authentication credentials were supplied at the time the person was detected by NPS (205). This status is then tracked or stored, and presence is continually or periodically monitored for a change.
[050] After a period of time of the user operating the computer (101) (and the aforementioned NPS monitoring), NPS detects a change (207) in human presence at the computer (101). Generally, this follows a period during which a human was consistently detected as being present. When NPS detects that the authenticated human is no longer present (207) at the computer (101), the computer (101) may then perform one or more security actions (209). This action will vary from embodiment to embodiment, and from circumstance to circumstance, and may depend upon the particular security settings of the computer (101).
[051] These settings may be provided by the user of the computer (101), or established by an administrator or other device management organization. For example, if the computer (101) is the property of a company, and has been issued to an employee for company use, the information services department of the company may set security policies. Where the computer (101) is owned by or managed by the user directly, the user may set the security policies. These policies are generally represented in configuration and setting data, as will be familiar to a person of ordinary skill in the art.
[052] Generally, the security action (209) comprises one or more of two major categories of actions: inhibiting access to the computer (101) and/or its data, or inhibiting use of networking hardware. The security actions (209) may range from automatically locking the computer (211), to requiring re-authentication (213), to disabling certain features of the computer. Re-authentication (213) has the advantage of requiring that proper authentication credentials be entered (203) by a person physically proximate to the computer, which allows the use of NPS to once again confirm the presence of an authorized user (205), thus restarting the loop.
[053] As another example, when the user is no longer at the computer (101) as detected by NPS (207), the computer (101) may take a security action (209) to automatically disable all network access hardware. This may include the transceiver (102). Alternatively and/or additionally, the computer (101) may automatically disable all network access hardware at the hardware level, inhibiting remote attacks from being carried out on the system.
[054] In an embodiment, other security actions (209) may be taken in conjunction with, or alternatively to, NPS. By way of example and not limitation, manual user input may be used to determine the presence or absence of a human at the computer (101). For example, the user may set an alarm when he or she departs to indicate absence. Also by way of example, the use of cameras, microphones, weight plates, or other sensors, may be used to determine that a human is present at the computer (101).
[055] In an embodiment, after the security action (209) is taken, NPS continues to operate until a human is once again detected present at the computer. In the depicted embodiment in FIG. 4B, when a human is detected, the computer (101) may prompt the user to reenter authentication credentials (203), requiring the newly detected human to establish that he or she is an authorized user of the computer (101). If the human fails to establish that he or she is an authorized user, the computer (101) may refuse access, or take a second security action (209). This second security action (209) may be the same, or different, from a previously taken security action (209). For example, the computer (101) may encrypt sensitive information, enable wireless connectivity long enough to transmit a warning signal, or, in extreme cases, delete sensitive information.
[056] Because most attacks rely on the use of network access to be successful, a typical security action (209) is to disable wireless network access at the hardware level, meaning electrical power to the networking hardware is discontinued. This prevents the antenna from being energized to send or receive signals at all when no human is detected as present at the computer, resulting in the computer (101), even if compromised by an intruder, being rendered mostly useless for an attack. As an example, for a botnet type infection, this security measure increases the cost to infect a computer (101), since it may only be infected while a human is present, while also reducing the benefit an attacker may gain from infecting the computer system, since it may only participate in said botnet when a human is present. As a result, such attacks become less lucrative and more difficult, which would result in a reduction of the prevalence of attacks in general.
[057] It is important to understand the difference between disabling the hardware at the "hardware level" versus disabling at the "software level". Disabling at the software level generally means disabling driver software used to operate the networking hardware (102) or filtering access based on certain rules or policies. By way of example and not limitation, a blacklist or whitelist approach may be used, where communication to or from certain Internet Protocol (IP) addresses (or address ranges) is disallowed while no human is detected as being present at the computer. Alternatively, traffic may be filtered at the packet level based on source or destination port, protocol type, characteristics of payloads, originating application, or address. These are typical operating system functions that usually can be carried out using standard system administration and configuration software. This approach provides significant flexibility in the specific security action taken, but has certain limitations when facing a sophisticated attack.
[058] A limitation of software disconnections is that an attacker could re-enable the drivers or modify the filter rules or policies. With a hardware disconnect, the physical ability to utilize the network hardware (102) at all is eliminated. This means that no amount of software tampering can reenable wireless access. From the point of view of the operating system, the wireless card (102) is simply not present. As will be understood by a person of ordinary skill in the art, disabling at the hardware level would generally require specialized hardware specifically configured and designed to support this function.
[059] In an embodiment, the security action (209) may comprise encrypting and/or decrypting sensitive information. By way of example and not limitation, this may comprise encrypting and/or decrypting specifically designated folders, drives, or data files. In the depicted embodiment of FIG. 4B, when no user is detected at the computer (207), the decryption key required to decrypt the encrypted information is disabled and/or removed, preventing access or use of the encrypted information. When a user is detected at the computer (205), this key is once again made available, and the encrypted information can be decrypted for access and use. This allows flexibility in that certain portions of the computer (101) are still usable as normal without requiring presence in the detection area. In an embodiment, the systems and methods provide conditional access to encrypted data. An exemplary embodiment is depicted in FIG. 5. In the depicted embodiment of FIG. 5, an encrypted storage medium (107) contains encrypted data decryptable using a key (111). This data is available, encrypted, via a data stream (109). In encrypted stream (109) format, the data is essentially unusable until decrypted using the key (111). The key (111) is stored on or otherwise available to the computer (101). In the depicted embodiment, the security action (209) comprises revoking access to the key (111), rendering the stream (109) unusable. The key (111) is thus only accessible while presence of a user is detected in the detection area. Optionally, the system could determine that the user is authorized by requiring a password to permit access to the medium (107) or to the key (111).
[060] Other keys may also be managed in this fashion. For example, keys may be used to sign transactions for a public ledger system, such as a blockchain. A blockchain wallet is often stored on removable media, such as a thumb drive, and connected to the computer (and thus, connected to the network) only when needed for a transaction. In this state, the wallet is known as a "hot wallet," and, for security reasons, cryptocurrency users generally only connect the wallet when necessary for transactions. A wallet that is not connected is a "cold" wallet and is invulnerable to hacking while disconnected. However, a "cold" wallet is inconvenient because the user must keep track of a physical removable media device, which can be lost or stolen, and remember to plug it in and remove it to gain the security advantages. This is annoying, inconvenient, and introduces risk of the media being misplaced, and the wallet being lost.
[061] One embodiment of the systems and methods described herein facilitates use of a wallet with the convenience of a hot wallet when a user is detected (205) as being present at the computer, and the safety of a cold wallet when no user is detected as being present at the computer. This could be done, for example, by storing a private key (113) on an encrypted medium (107) that can only be decoded using the key (111) when an authorized user is detected (205) as being present.
[062] Many variations of this embodiment are possible. For example, the method for allowing access to the medium (107) may not require encryption and decryption, but rather, may simply provide or withhold electrical power to the medium (107). Similarly, the encrypted medium (107) may not be an entire physical drive, but may instead be a partition, folder, or other subdivision of a physical drive.
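The loop of paragraphs [050]-[055] (authenticate, monitor presence, take a security action on absence, escalate if a newly detected person fails re-authentication) and the key revocation of [059]-[061] can be expressed as one state machine. The following is an added illustration, not the patent's code: the credential store, the NPS observations and the TPM-style sealed key are constructed stand-ins, and the SHA-256 keystream is an illustration-only transform chosen so that revoking key (111) visibly makes stream (109) unusable.

```python
import hashlib
import hmac

# Constructed credential store (hypothetical, for the example only):
# username -> (salt, PBKDF2-SHA256 hash of the password).
_SALT = b"constructed-salt-for-example"


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


CREDENTIALS = {"alice": (_SALT, _pbkdf2("correct horse battery", _SALT))}


def credentials_valid(user: str, password: str) -> bool:
    """Step (203): validate credentials entered at the computer."""
    entry = CREDENTIALS.get(user)
    if entry is None:
        return False
    salt, expected = entry
    return hmac.compare_digest(_pbkdf2(password, salt), expected)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Illustration-only symmetric transform (SHA-256 counter keystream) so
    that revoking the key has a visible effect; not a production cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


# Security actions (209): first set on loss of presence, second set when a
# newly detected human fails re-authentication ([055]).
FIRST_ACTIONS = ("lock_screen", "revoke_key", "disable_network_hardware")
SECOND_ACTIONS = ("encrypt_sensitive_data", "transmit_warning")


class PresenceGatedComputer:
    """States: LOCKED (no key), ACTIVE (key (111) released, NPS polling),
    ABSENT (security action taken), REAUTH_REQUIRED (human back, no proof)."""

    def __init__(self, sealed_key: bytes):
        self._sealed_key = sealed_key  # protected copy (e.g. TPM-sealed; assumed)
        self._key = None               # working copy of key (111)
        self.state = "LOCKED"
        self.network_enabled = True
        self.actions = []              # audit trail of security actions taken

    def authenticate(self, user: str, password: str) -> bool:
        """Credentials entered by a person at the keyboard; success restarts
        the presence loop (205)."""
        if credentials_valid(user, password):
            self._key = self._sealed_key
            self.network_enabled = True
            self.state = "ACTIVE"
            return True
        if self.state == "REAUTH_REQUIRED":
            # Someone was detected after the first action and could not prove
            # authorization: escalate with the second security action.
            self.actions.extend(SECOND_ACTIONS)
            self.state = "ABSENT"
        return False

    def presence(self, human_detected: bool) -> str:
        """One NPS observation (205 = detected, 207 = change to absent)."""
        if self.state == "ACTIVE" and not human_detected:
            self._key = None                 # stream (109) becomes unusable
            self.network_enabled = False     # hardware-level disconnect
            self.actions.extend(FIRST_ACTIONS)
            self.state = "ABSENT"
        elif self.state == "ABSENT" and human_detected:
            self.state = "REAUTH_REQUIRED"   # prompt for credentials (203)
        elif self.state == "REAUTH_REQUIRED" and not human_detected:
            self.state = "ABSENT"
        return self.state

    def read_stream(self, encrypted: bytes) -> bytes:
        """Decrypt the data stream (109) with key (111); refused when revoked."""
        if self._key is None:
            raise PermissionError("key (111) revoked: no authorized user present")
        return keystream_xor(self._key, encrypted)
```

Because the working key is dropped rather than merely hidden behind a lock screen, the stream (109) stays unusable even if the lock screen itself were bypassed, which is the property [059] relies on.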
[063] This concept may be used at a facility level. An exemplary embodiment is depicted in FIG. 6. In this embodiment, residential internet access is provided via an internet service provider (115) (ISP). The ISP (115) may determine whether Internet access (117) is permitted for a given subscriber based at least in part on whether the associated residence (119) is contemporaneously detected using NPS as being occupied. While the dwelling (119) is detected as unoccupied, the ISP (115) may conduct certain filtering of transmissions to or from the home (119), such as disallowing connections of any kind, allowing only connections from trusted sources (e.g., whitelist strategy), which may be defined by the ISP, user, or both, or disallowing connections from specific sources (e.g., blacklist strategy), or suspect sources as defined by the ISP, user, both, or a third party. Additionally, or alternatively, some combination of these strategies may be used. This can prevent or reduce risk of a remote threat while allowing normal usage while users are home (119). Additionally and/or alternatively, other methods of determining presence and/or identity as an authorized user may be used; for example, disarming a house alarm with a confidential code could demonstrate the presence of an authorized user.
[064] For example, when users are detected as being present at home (119), and traffic (117) from an interactive video game company is detected to or from the home (119), such traffic (117) would be allowed because it is presumed that the detected users at home (119) are playing the game. However, if no users are detected as being present at home, and connections are detected to or from the house (119) from an interactive service of this kind, the traffic may be blocked, because an unoccupied home (119) would have nobody in it who could be playing an interactive video game. Thus, it is more likely that this traffic (117) is malicious at worst or erroneous at best.
[065] In either case, there is a justification for inhibiting or disallowing the traffic entirely. For example, the user may have an unauthorized intruder in the home that has not been detected. Alternatively, the computer system may be compromised and the malicious software may be piggy-backing its activities on a known game or other innocuous protocol, such as through a modification, packet sniffer, man-in-the-middle attack, and so forth. A third possibility is that the software itself is operating without modification but is inherently vulnerable and has been infected with malware of which its publishers are unaware. Conversely, hacking attempts from outside to infect a computer in the home, or to scan the home computers or otherwise transmit viruses or other malware, can be thwarted without interfering with normal operations. Additionally, when the house is unoccupied, the traffic is blocked, therefore unattended machines cannot be used as zombies in a botnet. Yet another benefit is that behavior information can be used to flag a service as potentially suspicious and create a warning to users, ISPs, service creators, or any other parties, so that they can act to resolve the root issue. By way of example and not limitation, such behavior information may include changes to traffic characteristics generated by a particular program or computer. If, for example, a game ordinarily produces, on a regular basis, a certain amount of network bandwidth, but unexpectedly begins to consume far more, it might be inferred that the sudden and unexpected change in behavior is caused by malicious programming.
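The occupancy-aware filtering of [063]-[065] reduces to a small decision function: the blacklist always applies, the whitelist is the only thing that passes while the dwelling (119) is unoccupied, interactive traffic is blocked when nobody is home, and a service whose rate jumps well above its usual baseline is flagged for a warning. The code below is an added example, not the patent's or any ISP's implementation; the service labels, baseline rates, CIDR lists and flow records are constructed (RFC 5737 documentation addresses), and the verdict names are the example's own.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One observed connection between the dwelling (119) and the Internet."""
    remote: str        # remote IP address (constructed documentation ranges)
    service: str       # service label the ISP attaches to the remote (assumed)
    interactive: bool  # interactive game or similar service, per [064]
    kbps: float        # observed rate of this flow


@dataclass
class Policy:
    trusted: List[str]               # whitelist (CIDR), applied while unoccupied
    blocked: List[str]               # blacklist (CIDR), applied at all times
    baseline_kbps: Dict[str, float]  # usual rate per service, per [065]
    anomaly_factor: float = 3.0      # flag when rate exceeds baseline * factor


def _in_any(addr: str, nets: List[str]) -> bool:
    a = ip_address(addr)
    return any(a in ip_network(n) for n in nets)


def decide(flow: Flow, occupied: bool, policy: Policy) -> Tuple[str, str]:
    """Verdict for one flow: BLOCK, ALLOW, or FLAG (allowed, warning raised)."""
    if _in_any(flow.remote, policy.blocked):
        return "BLOCK", "blacklisted source"
    if not occupied:
        if _in_any(flow.remote, policy.trusted):
            return "ALLOW", "trusted source, dwelling unoccupied"
        if flow.interactive:
            return "BLOCK", "interactive service but nobody home to use it"
        return "BLOCK", "dwelling unoccupied"
    base = policy.baseline_kbps.get(flow.service)
    if base is not None and flow.kbps > base * policy.anomaly_factor:
        return "FLAG", (f"{flow.service} at {flow.kbps:.0f} kbps, "
                        f"baseline {base:.0f} kbps")
    return "ALLOW", "dwelling occupied"


def filter_flows(flows: List[Flow], occupied: bool, policy: Policy):
    """Apply the policy to a batch; returns [(remote, verdict, reason), ...]."""
    return [(f.remote, *decide(f, occupied, policy)) for f in flows]


# Constructed sample policy and flows using RFC 5737 documentation addresses.
POLICY = Policy(trusted=["198.51.100.0/24"], blocked=["192.0.2.0/24"],
                baseline_kbps={"game-service": 500.0})
SAMPLE_FLOWS = [
    Flow("203.0.113.10", "game-service", True, 400.0),   # game, normal rate
    Flow("198.51.100.5", "os-updates", False, 2000.0),   # trusted update server
    Flow("192.0.2.77", "unknown", False, 50.0),          # blacklisted range
]
```

Running the same three flows with `occupied=True` and `occupied=False` shows the game traffic switching from allowed to blocked while the trusted update server stays reachable, which is the behaviour [064] describes.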
[066] Still other implementations of this principle are also possible. For example, the computer in a given facility, which may be a commercial or business building, or a home, may be connected to a home automation system and receive inputs from that system concerning the occupancy of the facility. For example, a room or office containing the computer in question may include occupancy sensors, such as motion sensors within the room, or sensors that detect whether the door is open or closed. If a change in the occupancy state is detected by such a system showing that the office in which the computer is located is no longer occupied (e.g., the motion sensor detects motion in the room, followed by no motion, or a door that is opened is detected as being closed), this information may be provided to the computer, which may immediately respond with a change to its security state or other operation of automation systems (e.g., lighting, HVAC, etc.).
[067] For example, the computer may immediately go into a lock screen, or a sleep or standby mode. In this fashion, presence indicators are used to protect the computer from threats in a more immediate and responsive way than do current systems. For example, the two major forms of physical computer security in use now are manually locking, which users generally forget to do, or locking after a predetermined timeout. However, predetermined timeouts still run the risk of a given computer being available in an unlocked and insecure state for some amount of time unattended. Further, even when such devices become locked, they do not currently require a second factor to be unlocked. This second factor of human presence would be provided by the invention described herein.
[068] An additional benefit of this system is that access to the computers may be disabled, while the computer acts as a node in the network presence sensing system as described in the patent applications referenced above. In such an embodiment, energy savings commands may be distributed to or from the computer system which will result in energy savings by disabling the computer when nobody is present. This prevents the problem of timeouts continuing to have the computer running and wasting energy when it is not in use and nobody is present at it.
[069] Another use of this system is to provide information in a computing pool. A computing pool can be generally thought of as a pool of computers ordinarily used by individual users in which unused computing power may be shared. For example, when any given user is done working for the day, the processing potential of that user's computer is essentially wasted, even while others continue to work and experience latency and slowdowns due to inherent processing throughput limitations. This is particularly true for computationally intensive industries. In a computing pool, all participating computers can share idle processing capacity to assist with high processing loads experienced by other computers in the pool. When each computer in the pool is being used directly (e.g., a user is detected as being present at the computer), it may be automatically removed from the computing pool to ensure that the designated user has full access to its processing facilities. However, when the user departs and is no longer detected as present at the computer, the computer may be added back to the pool so that its idle processing power may be utilized by others. This is an improvement over current methods in the art, which generally use some combination of schedules, time since last user interaction, and resource utilization, to determine when to add or remove a given computer to or from the computing pool. By detecting presence at the computer, individual computers can be correctly managed in a computing pool in real-time or near real-time with the arrival and departure of the designated user for each computer. This approach would improve resource utilization and reduce waste.
[070] As should be clear to one of ordinary skill in the art, the above embodiments can be varied in a number of ways. By way of example and not limitation, the method of detecting that a user is nearby, the optional method of detecting whether a user is authorized, and the actions taken may all be varied. As noted in some of the above embodiments, many different methods can determine the presence of a user, such as: NPS (with or without the computer being part of the presence sensing network), PIR sensors, weight plates, cameras, and/or microphones. Similarly, many different methods can determine that the user is authorized, such as: a password entered at the computer, disarming an alarm, or biometric information as determined by a sensor (note that this could be the same sensor that detected presence, such as an NPS sensing network, a camera or a microphone). Finally, many different actions may be taken, such as: locking a computer, changing the power state of the whole computer or a particular piece of hardware, changing firewall settings, disabling a driver, encrypting a file or a drive; note that these actions may extend beyond security to provide other benefits, such as power savings, more predictable bandwidth utilization, or to inform a controller about the computer's availability in a computing pool.
[071] While the invention has been disclosed in conjunction with a description of certain embodiments, including those that are currently believed to be the preferred embodiments, the detailed description is intended to be illustrative and should not be understood to limit the scope of the present disclosure. As would be understood by one of ordinary skill in the art, embodiments other than those described in detail herein are encompassed by the present invention. Modifications and variations of the described embodiments may be made without departing from the spirit and scope of the invention.

Claims

1. A method for securing an unattended computer system comprising:
providing a computer having a radio transceiver;
providing a human user in physical proximity to said computer to use said computer; said human user manipulating said computer to provide authentication credentials for said human user to access said computer;
validating, at said computer, said authentication credentials;
detecting, when said authentication credentials are validated, said physical proximity to said computer of said human user, said detecting comprising network presence sensing using said radio transceiver;
repeating said detecting step until said human user is no longer detected in physical proximity to use said computer; and
after said human user is no longer detected in physical proximity to use said computer, securing said computer from unauthorized use.
2. The method of claim 1, wherein said securing said computer from unauthorized use comprises said computer executing a security action.
3. The method of claim 2, wherein said security action is selected from the group consisting of: locking said computer; setting said computer to sleep mode; disabling said radio transceiver; disabling network hardware of said computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at said computer; and deleting data stored at said computer.
4. The method of claim 3, wherein said disabling said radio transceiver comprises discontinuing electric power to said radio transceiver or network hardware, and said disabling said network hardware of said computer comprises discontinuing electric power to said network hardware.
5. The method of claim 1, further comprising:
after said securing said computer from unauthorized use, a second human user manipulating said computer to provide second authentication credentials for said second human user to access said computer;
determining that said second authentication credentials are invalid;
after said determining that said second authentication credentials are invalid, further securing said computer from unauthorized use.
6. The method of claim 5, wherein said human user and said second human user are not the same.
7. The method of claim 5, wherein said further securing said computer from unauthorized use comprises said computer executing a security action.
8. The method of claim 7, wherein said security action is selected from the group consisting of: locking said computer; setting said computer to sleep mode; disabling said radio transceiver; disabling network hardware of said computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at said computer; and deleting data stored at said computer.
9. The method of claim 8, wherein said disabling said radio transceiver comprises discontinuing electric power to said radio transceiver or network hardware, and said disabling said network hardware of said computer comprises discontinuing electric power to said network hardware.
10. A system for securing an unattended computer system comprising:
a computer having a manually operable interface for receiving user input, a radio transceiver, a microprocessor, and a non-transitory, computer-readable storage medium having stored thereon program instructions which, when executed by said microprocessor, cause said computer to perform the steps of: receiving, via said interface, user input comprising authentication credentials for a human user to access said computer;
validating said authentication credentials;
detecting, when said authentication credentials are validated, said physical proximity to said computer of said human user, said detecting comprising network presence sensing using said radio transceiver;
repeating said detecting step until said human user is no longer detected in physical proximity to use said computer; and
after said human user is no longer detected in physical proximity to use said computer, securing said computer from unauthorized use.
11. The system of claim 10, wherein said securing said computer from unauthorized use comprises said computer executing a security action.
12. The system of claim 11, wherein said security action is selected from the group consisting of: locking said computer; setting said computer to sleep mode; disabling said radio transceiver; disabling network hardware of said computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at said computer; and deleting data stored at said computer.
13. The system of claim 12, wherein said disabling said radio transceiver comprises discontinuing electric power to said radio transceiver or network hardware, and said disabling said network hardware of said computer comprises discontinuing electric power to said network hardware.
14. The system of claim 10, wherein said program instructions, when executed by said microprocessor, further cause said computer to perform the steps of: after said securing said computer from unauthorized use, receiving, via said interface, second user input comprising second authentication credentials for a second human user to access said computer;
determining that said second authentication credentials are invalid; and
after said determining that said second authentication credentials are invalid, further securing said computer from unauthorized use.
15. The system of claim 14, wherein said further securing said computer from unauthorized use comprises said computer executing a security action.
16. The system of claim 15, wherein said security action is selected from the group consisting of: locking said computer; setting said computer to sleep mode; disabling said radio transceiver; disabling network hardware of said computer; disabling access to a digital wallet; disabling a storage medium; encrypting data stored at said computer; and deleting data stored at said computer.
17. The system of claim 16, wherein said disabling said radio transceiver comprises discontinuing electric power to said radio transceiver or network hardware, and said disabling said network hardware of said computer comprises discontinuing electric power to said network hardware.
PCT/IB2020/000143, priority date 2019-03-11, filing date 2020-03-04: Systems and methods for detecting the presence of a user at a computer (WO2020183233A1, en)

Applications Claiming Priority (2)

US16/298,530 (US11350238B2, en), priority date 2015-09-16, filing date 2019-03-11: Systems and methods for detecting the presence of a user at a computer
US16/298,530, 2019-03-11

Publications (1)

WO2020183233A1 (en), publication date 2020-09-17

Family ID: 72427809


Legal Events

121 EP: the EPO has been informed by WIPO that EP was designated in this application (ref document number 20771097, country EP, kind code A1)
NENP: non-entry into the national phase (ref country code DE)
122 EP: PCT application non-entry in European phase (ref document number 20771097, country EP, kind code A1)