US 12,437,050 B2
PEEiRS: passive evaluation of endpoint identity and risk as a surrogate authentication factor
Jared Nussbaum, New York, NY (US)
Appl. No. 16/987,559
Filed by Jared Nussbaum, New York, NY (US)
PCT Filed Feb. 8, 2019, PCT No. PCT/US2019/017285
§ 371(c)(1), (2) Date Aug. 7, 2020,
PCT Pub. No. WO2019/157333, PCT Pub. Date Aug. 15, 2019.
Claims priority of provisional application 62/628,058, filed on Feb. 8, 2018.
Claims priority of provisional application 62/714,148, filed on Aug. 3, 2018.
Prior Publication US 2024/0419771 A1, Dec. 19, 2024
Int. Cl. G06F 21/00 (2013.01); G06F 21/34 (2013.01); G06F 21/41 (2013.01); G06F 21/57 (2013.01); G06F 21/10 (2013.01); G06F 21/35 (2013.01); H04L 29/06 (2006.01); H04L 29/08 (2006.01)
CPC G06F 21/34 (2013.01) [G06F 21/41 (2013.01)] 15 Claims
 
1. A method of providing an application, remote computing resource, or identity provider agnostic means of significantly enriching and supporting a primary authentication or authorization of a user identity, or in effect, a passive secondary authentication, for a user's use of such resources, and with no end-user interaction required for such passive secondary authentication to be asserted, comprising the steps of:
a. using a first preloaded application on a user's endpoint device, a PEEIRS Agent, periodically collecting, independent of end-user interaction or awareness, at least one or more of the following variables including:
(i) the likelihood of the stated user being at or near the keyboard of the device,
(ii) the trustworthiness, ownership, and security posture of the device,
(iii) the trustworthiness of the computing environment and communications infrastructure in which the user's endpoint is operating,
(iv) the legitimacy and authenticity of the remote server(s) which the device is communicating with, and
(v) when a user is attempting to logon and authenticate to a remote computing resource;
b. using the PEEIRS Agent for monitoring for a user's attempt to logon to, or otherwise access a remote computing resource or identity provider, to collect at least one of the above noted variables, and to pass them to a second preloaded application, a PEEIRS Identity Witness, which is previously installed on a mobile device;
c. the PEEIRS Identity Witness receives information collected by the PEEIRS Agent and independent of active user interaction:
(i) determines the last time the authenticating user unlocked the mobile device with biometrics such as fingerprint or facial recognition;
(ii) digitally signs or encrypts some or all data to be communicated between the user's endpoint, and the PEEIRS Authentication server, and
(iii) measures the proximity between the personal computer and such separate user mobile device to assert when the user is, or is not, near the keyboard of the authenticating endpoint device; and
d. using a third preloaded application, a PEEIRS Authentication Server for receiving the aforementioned information produced by the PEEIRS Agent and signed or encrypted by the PEEIRS Identity Witness, and which provides a passive secondary authentication or assertion, with or without calculating a corresponding risk rating, for a user and their authenticating endpoint device when it attempts a connection to a remote computing resource, by performing at least one of the following steps:
(i) evaluating variables representative of the user's endpoint security posture,
(ii) verifying the digital signature of the user's separate authenticating mobile device,
(iii) verifying information about the user's device against a pre-populated asset database,
(iv) verifying the information about the user against a pre-populated user database, and
(v) responding to the remote computing resource or identity provider's request to authenticate or assert the user's identity if properly verified and the determined level of risk found to be below a predetermined value for any given remote computing resource being accessed.
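The three-party flow of claim 1 (endpoint Agent collects posture, mobile Identity Witness adds unlock recency and proximity and signs, Authentication Server verifies and scores risk) as an added, runnable sketch. This is illustration written for this page, not code from the patent or its applicant. Assumptions: HMAC-SHA256 with a per-user key stands in for the Witness's digital signature so the example needs only the standard library (a real deployment would use an asymmetric key held in the phone's hardware keystore and released only after a biometric unlock); the BLE RSSI cutoff of -70 dBm, the 8-hour biometric-unlock window, the additive risk weights and the per-resource risk ceilings are all invented for the example; the asset and user databases and the device/user names are constructed sample data.

```python
"""Toy model of passive secondary authentication: endpoint Agent -> mobile
Identity Witness -> Authentication Server. Stdlib only; HMAC-SHA256 stands in
for the Witness's digital signature (assumption for this example)."""
import hashlib, hmac, json, secrets
from dataclasses import dataclass, field

NOW = 1_700_000_000.0   # fixed clock so the example is deterministic

# Constructed sample data standing in for the pre-populated asset/user databases.
ASSET_DB = {"LAPTOP-4421": {"owner": "alice", "managed": True}}
USER_DB = {"alice": {"witness_key": b"\x11" * 32, "enabled": True}}
RESOURCE_MAX_RISK = {"hr-payroll": 20, "wiki": 60}   # assumption: per-resource risk ceilings


def canonical(payload: dict) -> bytes:
    """Stable serialisation so Witness and Server MAC exactly the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def agent_collect(device_id, user, resource, posture, server_pin_ok, now=NOW):
    """Endpoint Agent: posture variables gathered at a logon attempt (claim step b)."""
    return {"device_id": device_id, "user": user, "resource": resource,
            "posture": posture, "server_pin_ok": server_pin_ok,
            "ts": now, "nonce": secrets.token_hex(8)}   # nonce defeats replay


@dataclass
class IdentityWitness:
    key: bytes
    last_biometric_unlock: float
    rssi_dbm: int                      # BLE signal strength of the laptop as seen by the phone

    def attest(self, agent_report: dict, now: float) -> dict:
        """Mobile Witness: add unlock recency and proximity, then sign (claim step c)."""
        body = dict(agent_report,
                    biometric_age_s=int(now - self.last_biometric_unlock),
                    near_keyboard=self.rssi_dbm >= -70)   # assumption: -70 dBm ~ arm's reach
        mac = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        return {"body": body, "mac": mac}


@dataclass
class AuthServer:
    seen_nonces: set = field(default_factory=set)

    def risk_score(self, body: dict) -> int:
        """Additive risk rating; weights are assumptions for the example."""
        p = body["posture"]
        risk = 0
        risk += 0 if p.get("disk_encrypted") else 25
        risk += 0 if p.get("edr_running") else 25
        risk += 0 if p.get("os_patched") else 15
        risk += 0 if body["server_pin_ok"] else 40          # remote server authenticity
        risk += 0 if body["near_keyboard"] else 30          # user at/near the keyboard
        risk += 0 if body["biometric_age_s"] <= 8 * 3600 else 20   # assumption: 8 h window
        return risk

    def evaluate(self, attestation: dict, now: float, skew: float = 120):
        """Claim step d: returns (allowed, reason, risk). Integrity and freshness
        checks come first; database lookups and risk rating only after they pass."""
        body, mac = attestation["body"], attestation["mac"]
        user = USER_DB.get(body["user"])
        if not user or not user["enabled"]:
            return False, "unknown-user", None
        expected = hmac.new(user["witness_key"], canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):           # d(ii): verify Witness signature
            return False, "bad-signature", None
        if abs(now - body["ts"]) > skew or body["nonce"] in self.seen_nonces:
            return False, "stale-or-replayed", None
        self.seen_nonces.add(body["nonce"])
        asset = ASSET_DB.get(body["device_id"])              # d(iii): asset database
        if not asset or asset["owner"] != body["user"]:
            return False, "unknown-or-unowned-device", None
        risk = self.risk_score(body)                         # d(i): posture evaluation
        limit = RESOURCE_MAX_RISK.get(body["resource"], 0)  # d(v): per-resource threshold
        return risk <= limit, ("ok" if risk <= limit else "risk-too-high"), risk


GOOD = {"disk_encrypted": True, "edr_running": True, "os_patched": True}


def run_flow(server, posture, biometric_age_s, rssi_dbm, resource, tamper=False):
    """End-to-end: Agent report -> Witness attestation -> Server decision."""
    report = agent_collect("LAPTOP-4421", "alice", resource, posture, server_pin_ok=True)
    witness = IdentityWitness(USER_DB["alice"]["witness_key"], NOW - biometric_age_s, rssi_dbm)
    attestation = witness.attest(report, NOW)
    if tamper:   # simulate an on-path modification after the Witness signed
        attestation["body"]["resource"] = "wiki"
    return server.evaluate(attestation, NOW)


if __name__ == "__main__":
    s = AuthServer()
    print(run_flow(s, GOOD, 3600, -55, "hr-payroll"))               # (True, 'ok', 0)
    print(run_flow(s, GOOD, 3600, -55, "hr-payroll", tamper=True))  # (False, 'bad-signature', None)
    weak = dict(GOOD, edr_running=False)
    print(run_flow(s, weak, 10 * 3600, -55, "hr-payroll"))          # (False, 'risk-too-high', 45)
    print(run_flow(s, weak, 10 * 3600, -55, "wiki"))                # (True, 'ok', 45)
```

The ordering in `evaluate` is the part worth copying: the server refuses to touch the asset or user records, or to compute a rating, until the Witness's signature and the timestamp/nonce have checked out, so an attacker who can inject agent reports but does not hold the phone's key gets nothing past the first two checks. Note also that the risk threshold is looked up per resource, which is how a single passive assertion can be "good enough" for a wiki while still failing for payroll.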