Technologies for enhanced user authentication using advanced sensor monitoring
Abstract
Technologies for information security include a computing device with one or more sensors. The computing device may authenticate a user and, after successful authentication, analyze sensor data to determine whether it is likely that the user authenticated under duress. If so, the computing device performs a security operation such as generating an alert or presenting false but plausible data to the user. Additionally or alternatively, the computing device, within a trusted execution environment, may monitor sensor data and apply a machine-learning classifier to the sensor data to identify an elevated risk of malicious attack. For example, the classifier may identify potential user identification fraud. The computing device may trigger a security response if elevated risk of attack is detected. For example, the trusted execution environment may trigger increased authentication requirements or increased anti-theft monitoring for the computing device. Other embodiments are described and claimed.
Claims
exact text as granted — not AI-modified1 . A computing device for coerced authentication response, the computing device comprising:
an authentication module to verify a user authentication factor provided by a user; a coercion detection module to (i) analyze sensor data to generate a coercion detection score in response to verifying the user authentication factor, wherein the sensor data is indicative of a physical condition of the user of the computing device while the user provided the user authentication factor, and (ii) determine whether the coercion detection score has a predetermined relationship to a threshold coercion detection score; and a security response module to perform a security operation in response to a determination that the coercion detection score has the predetermined relationship to the threshold coercion detection score.
2 . The computing device of claim 1 , wherein to analyze the sensor data to generate the coercion detection score comprises to:
analyze sensor data from a plurality of sensors of the computing device; and determine a confidence measure for each sensor of the plurality of sensors, wherein each confidence measure is indicative of a probability that the sensor data from the corresponding sensor is indicative of coercion of the user.
3 . The computing device of claim 2 , wherein to analyze the sensor data to generate the coercion detection score further comprises to determine a weighted average of the plurality of confidence measures.
4 . The computing device of claim 1 , further comprising:
a camera, wherein the sensor data comprises camera data indicative of a facial expression of the user; an audio sensor, wherein the sensor data comprises audio sensor data indicative of a voice pattern of the user; a thermal imaging sensor, wherein the sensor data comprises thermal imaging sensor data indicative of a heart rate or a respiration rate of the user; a skin conductance sensor, wherein the sensor data comprises skin conductance sensor data indicative of a skin conductance of the user; or a heart rate sensor, wherein the sensor data comprises heart rate sensor data indicative of a heart rate of the user.
5 . The computing device of claim 1 , wherein to perform the security operation comprises to:
deny access to user data; and allow access to false data configured to appear to be accurate data.
6 . One or more computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
verify a user authentication factor provided by a user; analyze sensor data to generate a coercion detection score in response to verifying the user authentication factor, wherein the sensor data is indicative of a physical condition of the user of the computing device while the user is providing the authentication factor; determine whether the coercion detection score has a predetermined relationship to a threshold coercion detection score; and perform a security operation in response to determining the coercion detection score has the predetermined relationship to the threshold coercion detection score.
7 . The one or more computer-readable storage media of claim 6 , wherein to analyze the sensor data to generate the coercion detection score comprises to:
analyze sensor data from a plurality of sensors of the computing device; and determine a confidence measure for each sensor of the plurality of sensors, wherein each confidence measure is indicative of a probability that the sensor data from the corresponding sensor is indicative of coercion of the user.
8 . The one or more computer-readable storage media of claim 6 , wherein to perform the security operation comprises to:
deny access to user data; and allow access to false data configured to appear to be accurate data.
9 . A computing device for elevated risk response, the computing device comprising:
a sensor module to monitor, by a trusted execution environment, sensor data from a plurality of sensors of the computing device; a risk classifier module to apply, by the trusted execution environment, a machine-learning classifier to the sensor data to identify an elevated risk of malicious attack to the computing device; and a risk actuator module to trigger, by the trusted execution environment, a security response in response to identification of the elevated risk.
10 . The computing device of claim 9 , wherein the sensor data comprises location data indicative of a location of the computing device.
11 . The computing device of claim 9 , wherein the sensor data comprises soft behavioral biometric data indicative of usage of the computing device by a user.
12 . The computing device of claim 9 , wherein to trigger the security response comprises to power on, by the computing device, one or more additional sensor of the computing device in response to the identification of the elevated risk.
13 . The computing device of claim 12 , wherein the one or more additional sensor comprises a motion sensor, a radio communication subsystem, a location sensor, a camera, or a microphone.
14 . The computing device of claim 9 , wherein to trigger the security response comprises to select a security response based on the elevated risk.
15 . The computing device of claim 9 , wherein to trigger the security response comprises to increase, by the computing device, an authentication requirement of the computing device in response to the identification of the elevated risk.
16 . The computing device of claim 9 , wherein to trigger the security response comprises to:
increase anti-theft monitoring by the computing device in response to the identification of the elevated risk; increase intrusion monitoring by the computing device in response to the identification of the elevated risk; or restrict user access to the computing device in response to the identification of the elevated risk.
17 . The computing device of claim 9 , further comprising a reference server module to:
establish, by the trusted execution environment, a secure connection with a reference server; and receive, by the trusted execution environment, training data for the machine-learning classifier via the secure connection; wherein to apply the machine-learning classifier to the sensor data comprises to supply the training data to the machine-learning classifier.
18 . The computing device of claim 17 , wherein:
the risk classifier module is further to generate, by the trusted execution environment, threat reference data in response to application of the machine-learning classifier, wherein the reference data is indicative of normal usage of the computing device or malicious attack of the computing device; and the reference server module is further to (i) anonymize, by the trusted execution environment, the threat reference data to generate anonymized reference data and (ii) transmit, by the trusted execution environment, the anonymized reference data to the reference server via the secure connection.
19 . One or more computer-readable storage media comprising a plurality of instructions that in response to being executed cause a computing device to:
monitor, by a trusted execution environment of the computing device, sensor data from a plurality of sensors of the computing device; apply, by the trusted execution environment, a machine-learning classifier to the sensor data to identify an elevated risk of malicious attack to the computing device; and identify, by the trusted execution environment, the elevated risk of malicious attack in response to applying the machine-learning classifier; and trigger, by the trusted execution environment, a security response in response to identifying the elevated risk.
20 . The one or more computer-readable storage media of claim 19 , wherein to monitor the sensor data comprises to:
monitor soft behavioral biometric data indicative of usage of the computing device by a user.
21 . The one or more computer-readable storage media of claim 19 , wherein to trigger the security response comprises to power on one or more additional sensor of the computing device in response to identifying the elevated risk.
22 . The one or more computer-readable storage media of claim 19 , wherein to trigger the security response comprises to select a security response based on the elevated risk.
23 . The one or more computer-readable storage media of claim 19 , wherein to trigger the security response comprises to increase an authentication requirement of the computing device in response to identifying the elevated risk.
24 . The one or more computer-readable storage media of claim 19 , further comprising a plurality of instructions that in response to being executed cause the computing device to:
establish, by the trusted execution environment, a secure connection with a reference server; and receive, by the trusted execution environment, training data for the machine-learning classifier via the secure connection; wherein to apply the machine-learning classifier to the sensor data comprises to supply the training data to the machine-learning classifier.
25 . The one or more computer-readable storage media of claim 24 , further comprising a plurality of instructions that in response to being executed cause the computing device to:
generate, by the trusted execution environment, threat reference data in response to applying the machine-learning classifier, wherein the reference data is indicative of normal usage of the computing device or malicious attack of the computing device; anonymize, by the trusted execution environment, the threat reference data to generate anonymized reference data; and transmit, by the trusted execution environment, the anonymized reference data to the reference server via the secure connection.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.