Conventional access control systems protect sensitive resources by performing authentication operations to determine whether users requesting access to the resources are authentic. In one example, a user may be required to provide a correct password before being granted access to a resource. In another example, the user may be asked to provide a recognized fingerprint to a fingerprint reader before being granted access to a resource. For these examples, a conventional access control system compares the provided user input to expected user input to determine whether to grant or deny the user access to the sensitive resource.
Improved techniques of controlling access to a resource involve selecting an authentication scheme for authenticating a user based on an environmental context in which the user is requesting access to the resource. Along these lines, the access control server receives application usage data from a user and separates the data into current environmental factors and current usage factors. In response, the access control server compares the current environmental factors to expected environmental factors for each of multiple predefined environmental contexts. Based on measures of closeness between the current and expected environmental factors, the access control server computes a familiarity score indicative of whether the request to access the resource is recognizable within the particular environmental context. The access control server then selects, based on the familiarity score, an authentication scheme from a choice of multiple such schemes by which to authenticate the user before granting the user access to the resource.
Advantageously, the improved techniques provide an intelligent framework for automatically deciding how authentication operations should be carried out. Continuing the email example above, rather than requiring the user first to enter a password and then to answer a challenge question, the improved techniques, upon evaluating the current environment in which the user is requesting access to the resource, require some other authentication scheme more appropriate to that environment.
One embodiment is directed to a method of controlling access to a resource. The method includes receiving, by processing circuitry, a stream of usage data from a user device, the stream of usage data including (i) current environmental factors and (ii) current application usage factors, the current environmental factors describing a current environment in which a user is using an application on the user device to request access to a resource, the current application usage factors describing a current application usage behavior exhibited by the user in the current environment. The method also includes generating, by the processing circuitry, a familiarity score based on the current environmental factors and the current application usage factors, the familiarity score indicating whether the current application usage behavior exhibited by the user in the current environment is anomalous. The method further includes selecting, by the processing circuitry, an authentication scheme from multiple selectable authentication schemes by which to authenticate the user before granting the user access to the resource, the authentication scheme being selected based on the familiarity score and the resource.
Additionally, some embodiments are directed to a system constructed and arranged to control access to a resource. The system includes memory and controlling circuitry constructed and arranged to carry out a method of controlling access to a resource.
Further, some embodiments are directed to a computer program product having a non-transitory computer readable storage medium that stores instructions which, when executed by a computer, cause the computer to carry out the method of controlling access to a resource.
The foregoing and other objects, features and advantages will be apparent from the following description of particular embodiments of the invention, as illustrated in the accompanying figures in which like reference characters refer to the same parts throughout the different views.
Improved techniques of controlling access to a resource involve selecting an authentication scheme for authenticating a user based on an environmental context in which the user is requesting access to the resource. Advantageously, the improved techniques provide an intelligent framework for automatically deciding how authentication operations should be carried out.
The user device 110 is configured to run applications that request access to the resource 180 via electronic network 160 and send application usage data 112 to the access control server 120. Typically, the user device 110 is a mobile device such as a smartphone, PDA, or tablet computer. However, in some arrangements, the user device 110 may be a desktop or laptop computer. For example, user 114 on the user device 110, e.g., a smartphone, may operate an email program in the process of requesting access to a confidential document. While the user 114 is operating the email program on the smartphone 110, the smartphone may send application usage data 112 to the access control server 120.
The application usage data 112 includes environmental factors 172 and application usage factors 174. The environmental factors 172 describe the environment in which the user 114 is operating an application on the user device 110. Examples of the environmental factors 172 include the following:
The communications medium 160 provides network connections between the access control server 120 and the user device 110. The electronic network 160 may implement any of a variety of protocols and topologies that are in common use for communications over the Internet or other networks. Further, the electronic network 160 may include various components (e.g., cables, switches/routers, gateways/bridges, etc.) that are used in such communications.
The access control server 120 is configured to control access to the resource 180 by (i) generating a set of model environmental contexts 134 based on training data sent from the user device 110 and (ii) applying the model environmental contexts 134 to received application usage data 112 to select an authentication scheme 146 for authenticating the user 114. It should be understood that one possible authentication scheme 110 is no authentication operation. As illustrated in
The access control server 120 is seen to include one or more network interfaces 122, a set of processing units 124, and memory 126. The network interfaces 122 include, for example, Ethernet adapters, Token Ring adapters, and the like, for converting electronic and/or optical signals received from the electronic network 160 to electronic form for use by the UBA server 120. The set of processing units 124 include one or more processing chips and/or assemblies. The memory 126 includes both volatile memory (e.g., RAM), and non-volatile memory, such as one or more ROMs, disk drives, solid state drives, and the like. The set of processing units 124 and the memory 126 together form control circuitry, which is constructed and arranged to carry out various methods and functions as described herein.
The memory 126 includes a variety of software constructs realized in the form of executable instructions, such as a model generation manager 130, a model application manager 140, a model adjustment manager 150, and an application data separator 170. When the executable instructions are run by the set of processing units 124, the set of processing units 124 are caused to carry out the operations of the software constructs. Although certain software constructs are specifically shown and described, it is understood that the memory 126 typically includes many other software constructs, which are not shown, such as an operating system, various applications, processes, and daemons, for example. The memory 126 is also constructed and arranged to store various data.
The model generation manager 130 is a software construct configured to take as input training data received over a period of time and derive environmental contexts 134 as well as expected application usage behavior 136 in each of the environmental contexts 134. To accomplish this, the model generation manager 130 includes an unsupervised learning manager 132 that performs the learning necessary to define the contexts 134 and the expected usage 136.
The unsupervised learning manager 132 is a software construct that uses an unsupervised learning algorithm to discover the environmental contexts 134, e.g., Context A, Context B, . . . , Context M. It should be understood that each of the environmental contexts 134 corresponds to an expected set of environmental factors resulting from the training data. Further, the expected application usage behavior 136 includes sets of application usage factors such that each set of application usage factors corresponds to a respective environmental context 134.
The model application manager 140 is a software construct configured to apply the environmental contexts 134 and expected application usage behavior 136 to current environmental factors 172 and application usage factors 174 in order to determine the best authentication scheme 146 for the user 114. The model application manager 140 includes other software constructs such as a context selection manager 142 and a familiarity scoring manager 144, as well as a list of authentication schemes 146 and a familiarity score 148 from which an authentication scheme is selected.
The context selection manager 142 is a software construct configured to provide a measure of closeness between the current environmental factors 172 and the expected environmental factors of each of the environmental contexts 134. In some arrangements, the measure of closeness is a deviation from an expected environmental factor. Such a deviation may take the form of a probability factor indicating a probability that the current environmental factors describe the expected environmental factors of the specific environmental context.
The familiarity scoring manager 144 is a software construct configured to generate a familiarity score 148 from the closeness measures output by the context selection manager 142, the application usage factors 174, and the expected usage behavior factors 136. In some arrangements, the familiarity score 148 is generated by the familiarity scoring manager using specific probability distribution functions derived by the model generation manager during the learning process described above.
The authentication schemes 146 are data describing various authentication techniques, along with measures of their usability and security. These measures are encapsulated in the usability indices 146a and security indices 146b. Examples of the authentication schemes 146 and their indices are as follows in Table 1:
Note that, in this example, the usability and security indices are numbers between 1 and 10. These numbers are determined from the familiarity score 148.
The model adjustment manager 150 is a software construct configured to adjust the environmental contexts 134 and the expected usage behavior factors 136 based on the application usage data 112, a selected authentication scheme 152, and an authentication result 154.
The application usage data separator 170 is a software construct configured to separate the application usage data 112 into the environmental factors 172 and the application usage factors 174. The separator 170 performs a separation through an identification process: each factor in the application usage data carries an identifier and the separator 170 operates on such an identifier.
During example operation, in a training phase, the user device 110 sends training data in the form of typical application usage data 112 generated by an application running on the user device 110 and operated by the user 114. For example, the training phase might be a 30-day period in which the model generation manager 130 takes in data 112 without attempting to authenticate the user 114, i.e., assuming that the user 114 is indeed authentic. Further details concerning the training phase are described with regard to
The model generation manager 130 inputs the environmental factors 214 into the unsupervised learning manager 132 and generates a relatively small number of contexts 134 Cj={y1, y2, . . . , ym}, where the small letters yk denote possible values of the factors Yk. For example, one context C1 might describe an environment in an office during the workweek, while another context C2 might describe an environment at home during the weekend. The model generation manager 130 may also compute probabilities of each context.
The model generation manager 130 then uses the derived contexts 134 and usage factors 216 to derive an estimate of the probability that the usage factors take on the values of usage factors 216 {x1, x2, . . . , xd} given a particular context 134, or Pr(X1=x1, X2=x2, . . . , Xd=xd|Cj). The model generation manager estimates these probabilities by assuming a particular functional form of the probability distribution function
where is a normal distribution, πk is a weight, μk is a vector of mean values of the application usage factors, and Σk is a covariance matrix for that context. These parameters so far are unknown.
To determine the probability distribution function for each context 134, the model generation manager 130 inputs the contexts 134 and the usage factors 216 into a contextual learning module 210. The contextual learning module 210 is a software construct configured to determine the cluster number K 214 of normal distributions in the probability distribution and includes a clustering module 212. The clustering module 212 determines the cluster number 214 by performing a cluster analysis on the usage factors 216.
The contextual learning module 210 then inputs the cluster number 214 as well as the usage factors 216 in each cluster into a probability distribution function generation module 220. The probability distribution function generation module 220 is a software construct that determines the values of the parameters πk, μk, and Σk for each normal distribution, k∈{1, 2, . . . , K}. The probability distribution function generation module 220 includes an Expectation Maximization Module 222 which uses an expectation-maximization (EM) algorithm to determine the values of the weights πk (224), the mean usage factors μk(226), and the covariance matrix Σk (228) for each normal distribution. As the EM algorithm is well known in the art, it will not be discussed further here.
To summarize, the model generation manager 130 has defined each context 134 and has associated a probability distribution with that context. In this way, the model generation manager 130 can define a measure of closeness as a value of the probability distribution.
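The training phase just described, as an added example in pure Python; this is not the patent's code. Contexts are formed by grouping training records on their discrete environmental factors (a stand-in for the unsupervised context discovery), and the usage factors of each context are modelled by a Gaussian mixture whose weights πk, means μk and variances Σk are fitted with expectation-maximization. Two simplifications are assumed: the number of components K is given rather than chosen by cluster analysis, and covariances are diagonal. The training records, factor names and cluster centres are all constructed for the example.

```python
# Added example (not the patent's code): training-phase model generation in pure
# Python. Contexts are formed by grouping records on their discrete environmental
# factors (a stand-in for the unsupervised context discovery), and the usage
# factors of each context are modelled by a Gaussian mixture fitted with EM.
# Assumptions: the number of components K is given rather than chosen by cluster
# analysis, and covariances are diagonal.
import math
import random


def gaussian_pdf(x, mean, var):
    """Density at x of a normal distribution with diagonal covariance `var`."""
    log_norm = -0.5 * sum(math.log(2.0 * math.pi * v) for v in var)
    log_exp = -0.5 * sum((xi - mi) ** 2 / v for xi, mi, v in zip(x, mean, var))
    return math.exp(log_norm + log_exp)


def mixture_pdf(x, weights, means, variances):
    """p(x | C_j) = sum_k pi_k * N(x; mu_k, Sigma_k) for one context's fitted model."""
    return sum(w * gaussian_pdf(x, m, v) for w, m, v in zip(weights, means, variances))


def farthest_point_init(points, k):
    """Deterministic starting means: the first point, then repeatedly the point
    farthest from every mean chosen so far."""
    means = [points[0]]
    while len(means) < k:
        means.append(max(points, key=lambda p: min(
            sum((a - b) ** 2 for a, b in zip(p, m)) for m in means)))
    return [list(m) for m in means]


def fit_gmm(points, k, iters=60, var_floor=1e-3):
    """Expectation-maximisation for the weights pi_k, means mu_k and (diagonal)
    variances of a K-component mixture; returns (weights, means, variances)."""
    n, d = len(points), len(points[0])
    weights = [1.0 / k] * k
    means = farthest_point_init(points, k)
    # every component starts at the global per-dimension variance
    g_mean = [sum(p[a] for p in points) / n for a in range(d)]
    g_var = [max(var_floor, sum((p[a] - g_mean[a]) ** 2 for p in points) / n)
             for a in range(d)]
    variances = [list(g_var) for _ in range(k)]
    for _ in range(iters):
        # E-step: responsibility of each component for each point
        resp = []
        for x in points:
            dens = [weights[j] * gaussian_pdf(x, means[j], variances[j]) for j in range(k)]
            total = sum(dens)
            resp.append([dj / total for dj in dens] if total > 0 else [1.0 / k] * k)
        # M-step: re-estimate each component from its responsibilities
        for j in range(k):
            nj = sum(r[j] for r in resp)
            if nj < 1e-12:
                continue
            weights[j] = nj / n
            means[j] = [sum(r[j] * x[a] for r, x in zip(resp, points)) / nj
                        for a in range(d)]
            variances[j] = [max(var_floor, sum(r[j] * (x[a] - means[j][a]) ** 2
                                               for r, x in zip(resp, points)) / nj)
                            for a in range(d)]
    return weights, means, variances


def discover_contexts(records):
    """Group training records by environmental-factor values: each distinct tuple of
    values becomes one context C_j and collects that context's usage vectors."""
    contexts = {}
    for rec in records:
        contexts.setdefault(tuple(sorted(rec["env"].items())), []).append(rec["usage"])
    return contexts


def build_training_data(seed=7):
    """Constructed training-phase data (not real telemetry): two environments, each
    with two clusters of usage behaviour (session minutes, messages per hour)."""
    rng = random.Random(seed)
    spec = {  # environmental factors -> [(cluster centre, std-dev, count), ...]
        (("day", "weekday"), ("location", "office")):
            [((30, 5), (4, 1.5), 40), ((5, 40), (2, 5), 40)],
        (("day", "weekend"), ("location", "home")):
            [((60, 2), (5, 1), 30), ((15, 12), (3, 3), 30)],
    }
    records = []
    for env, clusters in spec.items():
        for centre, sd, count in clusters:
            for _ in range(count):
                usage = tuple(rng.gauss(c, s) for c, s in zip(centre, sd))
                records.append({"env": dict(env), "usage": usage})
    rng.shuffle(records)
    return records


def train_context_models(records, k=2):
    """Model generation: one fitted mixture per discovered context, so that
    mixture_pdf(x, *model) is the closeness measure p(x | C_j) for that context."""
    return {ctx: fit_gmm(pts, k) for ctx, pts in discover_contexts(records).items()}
```

Calling `train_context_models(build_training_data())` yields one mixture per context; evaluating `mixture_pdf` on a usage vector then gives the closeness measure the text defines as a value of the context's probability distribution, which is what the familiarity scoring described later consumes.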
Again, the application usage data separator 170 produces the environmental factors 314 and the usage factors 316 from the current usage data 312. From the environmental factors 314, the context selection manager 142 produces environmental context probability factors 320 for each of the contexts 134 (i.e., Probability Factor A1 for Context A, Probability Factor B1 for Context B, and so on). Each of the environmental context probability factors 320 represents the probability Pr(Cj|Y1=y1, Y2=y2, . . . , Ym=ym)=Pr(Cj|y) of that corresponding context Cj occurring given the environmental factors 314 taken from the current usage data 312.
In addition, the familiarity scoring manager 144 uses the previously derived probability distribution functions 340 that contain the weights 224, mean usage factors 226, and covariance matrices 228 (i.e., parameters πk, μk, and Σk, k∈{1, 2, . . . , Kj}, for each context Cj) to compute usage context probability factors 330 for that context Cj (i.e., Probability Factor A2 for Context A, Probability Factor B2 for Context B, and so on). Each of the usage context probability factors 330 represents the probability Pr(X1=x1, X2=x2, . . . , Xd=xd|Cj)=p(x|Cj) of the usage factors taking on the values x1, x2, . . . , xd from the usage factors 316 given the context Cj.
In some arrangements, the usage context probability factors 330 are modified to represent local familiarity scores fam(x|Cj) for fixed contexts 134 as follows. The familiarity scoring manager 144 first computes
where γ is a parameter that indicates a minimum support for which a local mixture would be representative. The usage context probability factors 330 are then modified to take the value fam(x|Cj)=max{p(x|Cj), Local(x|Cj)}.
Once the environmental context probability factors 320 and the usage context probability factors 330 have been generated, the familiarity scoring manager 144 produces triples {Cj, Pr(Cj|y), fam(x|Cj)}. For example, Table 2 lists examples of such triples over the contexts 134.
The familiarity scoring manager 144 produces the familiarity score 148 using the following formula:
For example, using the data shown in Table 2, the familiarity score 148 for the contexts shown is 0.63.
The model application manager 140 then maps the familiarity score 148 to values of the usability indices 146a and security indices 146b to select an authentication scheme 146 by which to authenticate the user 114. Thus, the model application manager 140 ultimately selects an authentication scheme 146 based on comparisons between the current usage data 312 and the expected usage data in context.
In example operation, the model adjustment manager 150 performs a supervised learning operation on the contexts 134 via the contextual learning module 210. The effect here is to adjust the expected environmental factors of each context based on the input. However, in some arrangements, new contexts may be created and old ones deleted based on this input. When new contexts are created or old ones deleted, the contextual learning module 210 produces a new cluster number 414.
Further, the model adjustment manager 150 performs a supervised learning operation on the probability distributions for each context via the probability distribution function generation module 220. The results of the supervised learning are adjusted weights 424, means 426, and covariance matrices 428.
At 510, a stream of usage data is received from a user device. The stream of usage data includes (i) current environmental factors describing a current environment in which a user is using an application on the user device to request access to a resource and (ii) current application usage factors describing a current application usage behavior exhibited by the user in the current environment.
At 520, a familiarity score based on the current environmental factors and the current application usage factors is generated, the familiarity score indicating whether the current application usage behavior exhibited by the user in the current environment is anomalous.
At 530, an authentication scheme is selected from multiple selectable authentication schemes by which to authenticate the user before granting the user access to the resource, the authentication scheme being selected based on the familiarity score and the resource.
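The runtime path of steps 510 through 530, together with the separator of the application usage data into environmental and usage factors and the familiarity scoring and scheme selection described earlier, as one added example; this is not the patent's code. Everything in it is hypothetical: the context parameters stand in for the output of the training phase, and the scheme table with its usability and security indices stands in for Table 1. Because the page does not reproduce Local(x|Cj), Table 2 or the formula for the familiarity score, the probability model used for Pr(Cj|y), the normalisation of fam(x|Cj) to [0, 1], the way the triples are combined into one score, and the mapping from score and resource to a scheme are all assumptions of the example, and the 0.63 value quoted for Table 2 is not reproduced.

```python
# Added example (not the patent's code): the runtime path of steps 510-530.
# Everything below is hypothetical: the context parameters stand in for output of
# the training phase, the scheme table stands in for Table 1, and because the
# page does not reproduce Local(x|C_j), Table 2 or the familiarity-score formula,
# the probability model for Pr(C_j|y), the [0,1] normalisation of fam(x|C_j), the
# way the triples are combined, and the score-to-scheme mapping are all assumptions.
import math

# Per context: expected environmental factors, prior Pr(C_j) and a diagonal-covariance
# Gaussian mixture [(pi_k, mu_k, sigma^2_k), ...] over (session_minutes, messages_per_hour).
CONTEXTS = {
    "office_weekday": {
        "env": {"location": "office", "day": "weekday"},
        "prior": 0.7,
        "mixture": [(0.5, (30.0, 5.0), (16.0, 2.25)), (0.5, (5.0, 40.0), (4.0, 25.0))],
    },
    "home_weekend": {
        "env": {"location": "home", "day": "weekend"},
        "prior": 0.3,
        "mixture": [(0.5, (60.0, 2.0), (25.0, 1.0)), (0.5, (15.0, 12.0), (9.0, 9.0))],
    },
}
USAGE_ORDER = ("session_minutes", "messages_per_hour")

# (name, usability index, security index) on the 1-10 scale the description uses
SCHEMES = [
    ("no authentication", 10, 1),
    ("password", 7, 5),
    ("push notification to enrolled phone", 6, 7),
    ("password + challenge question", 4, 8),
    ("hardware token", 3, 9),
]


def separate(stream):
    """Application data separator: every factor carries an identifier, and its
    'env:' or 'usage:' prefix decides which set the factor belongs to."""
    env, usage = {}, {}
    for ident, value in stream:
        kind, name = ident.split(":", 1)
        if kind == "env":
            env[name] = value
        elif kind == "usage":
            usage[name] = value
        else:
            raise ValueError(f"unknown factor identifier {ident!r}")
    return env, usage


def context_probabilities(env, contexts, eps=0.05):
    """Pr(C_j | y), assumed naive-Bayes style: each expected environmental factor is
    observed with probability 1-eps, anything else with eps; times the prior, normalised."""
    scores = {}
    for name, ctx in contexts.items():
        like = ctx["prior"]
        for factor, expected in ctx["env"].items():
            like *= (1 - eps) if env.get(factor) == expected else eps
        scores[name] = like
    total = sum(scores.values())
    return {name: s / total for name, s in scores.items()}


def usage_familiarity(x, mixture):
    """fam(x | C_j), assumed as the closest component's density relative to its own
    peak, exp(-d^2 / 2) with d the Mahalanobis distance, so the value lies in [0, 1]."""
    best = 0.0
    for _weight, mean, var in mixture:
        d2 = sum((xi - mi) ** 2 / vi for xi, mi, vi in zip(x, mean, var))
        best = max(best, math.exp(-0.5 * d2))
    return best


def familiarity_score(env, usage, contexts=CONTEXTS):
    """Combine the triples (C_j, Pr(C_j|y), fam(x|C_j)); assumed here as the
    context-probability-weighted sum of the fam values."""
    x = tuple(float(usage[k]) for k in USAGE_ORDER)
    probs = context_probabilities(env, contexts)
    return sum(probs[n] * usage_familiarity(x, contexts[n]["mixture"]) for n in contexts)


def select_scheme(score, resource_sensitivity, schemes=SCHEMES):
    """Assumed mapping: required security index grows with the resource's sensitivity
    (1-10) and with unfamiliarity; among schemes meeting it, take the most usable."""
    required = max(1, math.ceil(resource_sensitivity * (1.0 - score)))
    eligible = [s for s in schemes if s[2] >= required]
    if not eligible:  # nothing is strong enough: fall back to the most secure scheme
        eligible = [max(schemes, key=lambda s: s[2])]
    return max(eligible, key=lambda s: s[1])[0]


def decide(stream, resource_sensitivity):
    """Steps 510-530: receive the stream, score it, select the authentication scheme."""
    env, usage = separate(stream)
    score = familiarity_score(env, usage)
    return score, select_scheme(score, resource_sensitivity)


# constructed usage-data streams as the device would send them
FAMILIAR = [("env:location", "office"), ("env:day", "weekday"),
            ("usage:session_minutes", 31), ("usage:messages_per_hour", 6)]
UNFAMILIAR = [("env:location", "cafe"), ("env:day", "weekday"),
              ("usage:session_minutes", 90), ("usage:messages_per_hour", 60)]
```

With these constructed inputs, `decide(FAMILIAR, 3)` scores the office weekday session as highly familiar and lets a low-sensitivity resource through without an authentication operation, whereas `decide(UNFAMILIAR, 8)` scores the unknown location and unusual usage near zero and requires the password-plus-challenge scheme; when no scheme reaches the required security index the selector falls back to the most secure one rather than silently weakening the requirement.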
Improved techniques have been described for controlling access to a resource. Such techniques involve outputting a decision indicating whether to authenticate a user based on a user's application usage behavior in a particular environmental context. Advantageously, the improved techniques reduce the burden of too-frequent authentication on a user who requires access to a resource while improving security.
Having described certain embodiments, numerous alternate embodiments or variations can be made. For example, the probability distributions described herein have been normal distributions. However, other distributions such as Bernoulli distributions may be used instead.
One should appreciate that the above-described techniques do not merely compute a familiarity score in order to control access to data. Rather, the disclosed techniques involve an improvement to an industrial process, namely securing electronic resources in a machine.
In some arrangements, the access control server 120 is implemented by a set of cores or other types of control/processing circuitry running software. In such arrangements, the software instructions can be delivered, within the access control server 120, in the form of a computer program product 540. Alternative examples of suitable computer readable storage media include tangible articles of manufacture and apparatus such as CD-ROM, flash memory, disk memory, tape memory, and the like.
While various embodiments of the invention have been particularly shown and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
The individual features of the various embodiments, examples, and implementations disclosed within this document can be combined in any desired manner that makes technological sense. Furthermore, the individual features are hereby combined in this manner to form all possible combinations, permutations and variants except to the extent that such combinations, permutations and/or variants have been explicitly excluded or are impractical. Support for such combinations, permutations and variants is intended to be set forth in this document.