CA-3130056-C - AUTHENTICATION USING WIRELESS SENSING

Abstract

In some examples, a system receives information based on wireless sensing performed using wireless signals of a wireless interface of a wireless node, the wireless interface of the wireless node to communicate data over a wireless connection established with another wireless device. The system performs authentication in response to the received information.

Inventors

  • James Randolph Winter Lepp
  • Stephen McCann
  • Michael Peter Montemurro

Assignees

  • BLACKBERRY LIMITED

Dates

Publication Date: 20260505
Application Date: 20210907
Priority Date: 20210903

Claims (13)

What is claimed is:

  1. A method performed at a wireless node, comprising: performing wireless sensing of an object using wireless signals of a wireless interface of the wireless node; communicating data over a wireless connection established with another wireless device via the wireless interface; acquiring wireless sensing information based on the wireless sensing of the object; and communicating the wireless sensing information over a standard interface of the wireless node to an end-point device; wherein the end-point device provides the wireless sensing information to an authentication system for performing authentication.
  2. The method of claim 1, wherein the wireless sensing comprises one or more of: wireless local area network (WLAN) sensing using WLAN signals, wireless sensing using BLUETOOTH signals, wireless sensing using ZIGBEE signals, wireless sensing using Dedicated Short Range Communications (DSRC) signals, and wireless sensing using cellular signals.
  3. The method of claim 1, wherein the standardized interface comprises an application programming interface (API).
  4. The method of claim 1, further comprising: prior to said performing, receiving a request to perform a security check based on wireless sensing of an environment.
  5. The method of claim 1, wherein the wireless sensing information is received based on a passive sense mode of the wireless node.
  6. The method of claim 1, wherein the wireless sensing information comprises biometric information of a user, and the authentication relates to the user based on the biometric information.
  7. The method of claim 1, further comprising: storing a pattern of wireless sensing information; and initiating a process to perform the authentication based on the pattern of wireless sensing information.
  8. The method of claim 7, wherein the pattern of wireless sensing information is based on a motion of a user.
  9. The method of claim 7, wherein the pattern of wireless sensing information is based on a biometric feature of a user.
  10. The method of claim 1, further comprising: communicating, to the end-point device, further information regarding antenna or power characteristics based on the wireless signals of the wireless interface of the wireless node, wherein the authentication is further based on the further information.
  11. The method of claim 1, wherein the authentication comprises Zero Trust authentication.
  12. A wireless node comprising: a processor; and a communications subsystem; wherein the wireless node is configured to perform the method of any one of claims 1 to 11.
  13. A non-transitory storage medium storing instructions that upon execution cause a wireless node to perform the method of any one of claims 1 to 11.
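
An added illustration, not taken from the patent, of the kind of check claims 7 and 10 describe: a stored pattern of wireless sensing information is compared with a fresh report, a power characteristic serves as a further factor, and access is denied unless every check passes. The report fields, node identifiers, the Pearson-correlation match and the thresholds are all assumptions, and the sample values are constructed.

```python
from dataclasses import dataclass
from math import sqrt

@dataclass(frozen=True)
class SensingReport:
    """Hypothetical payload a wireless node hands to the end-point device."""
    node_id: str
    samples: tuple        # constructed stand-in for sensed signal amplitudes
    tx_power_dbm: float   # power characteristic, as in claim 10

def correlation(a, b):
    """Pearson correlation; 0.0 when lengths differ or a series is flat."""
    if len(a) != len(b) or len(a) < 2:
        return 0.0
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    da = [x - ma for x in a]
    db = [y - mb for y in b]
    norm = sqrt(sum(x * x for x in da) * sum(y * y for y in db))
    return sum(x * y for x, y in zip(da, db)) / norm if norm else 0.0

def authenticate(report, enrolled, trusted_nodes, min_corr=0.9, max_power_delta=3.0):
    """Deny by default: every check must pass before access is granted."""
    reasons = []
    if report.node_id not in trusted_nodes:
        reasons.append("unknown sensing node")
    if abs(report.tx_power_dbm - enrolled.tx_power_dbm) > max_power_delta:
        reasons.append("power characteristic outside enrolled range")
    if correlation(report.samples, enrolled.samples) < min_corr:
        reasons.append("sensed pattern does not match stored pattern")
    return (not reasons, reasons)

# Constructed sample data (not real measurements).
ENROLLED = SensingReport("ap-1", (0.1, 0.4, 0.9, 0.5, 0.2, 0.1), 20.0)
GENUINE = SensingReport("ap-1", (0.12, 0.41, 0.88, 0.52, 0.19, 0.11), 20.5)
MISMATCH = SensingReport("ap-1", (0.9, 0.2, 0.1, 0.3, 0.8, 0.9), 20.5)
ROGUE_NODE = SensingReport("ap-9", GENUINE.samples, 27.0)

if __name__ == "__main__":
    for name, r in [("genuine", GENUINE), ("mismatch", MISMATCH), ("rogue", ROGUE_NODE)]:
        print(name, authenticate(r, ENROLLED, {"ap-1"}))
```

The rogue-node case replays a matching pattern from an unrecognised node at a different power level, which is why the pattern match alone is not treated as sufficient.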

Description

AUTHENTICATION USING WIRELESS SENSING

Background

[0001] A user can use an electronic device to perform various tasks, including tasks at the electronic device or tasks that involve accessing a remote site (e.g., a website, an application server, a database server, a storage server, etc.). For security, the user can be authenticated before access of the electronic device is granted to the user. Examples of such authentication include an authentication based on receipt of a user credential (e.g., a user identifier and password, a certificate, a token, etc.), an authentication based on receipt of biometric information from a biometric reader (e.g., a fingerprint reader, an iris scanner, a camera, etc.), and so forth.

Brief Description of the Drawings

[0002] Some implementations of the present disclosure are described with respect to the following figures.

[0003] Fig. 1 is a block diagram of an example arrangement including a Zero Trust system, an end point device, a wireless node, and a target object, according to some implementations of the present disclosure.

[0004] Figs. 2 and 3 are message flow diagrams of security check processes, according to some examples.

[0005] Fig. 4 is a block diagram of a system according to some examples.

[0006] Throughout the drawings, identical reference numbers designate similar, but not necessarily identical, elements. The figures are not necessarily to scale, and the size of some parts may be exaggerated to more clearly illustrate the example shown. Moreover, the drawings provide examples and/or implementations consistent with the description; however, the description is not limited to the examples and/or implementations provided in the drawings.

Date Reçue/Date Received 2021-09-07

Detailed Description

[0007] In the present disclosure, use of the term "a," "an," or "the" is intended to include the plural forms as well, unless the context clearly indicates otherwise. Also, the term "includes," "including," "comprises," "comprising," "have," or "having" when used in this disclosure specifies the presence of the stated elements, but does not preclude the presence or addition of other elements.

[0008] 1. Background

[0009] Zero Trust is a security term stating that no entity should be trusted. When applied to information and communications technology, this means that every connection to a specific device or network (both internal and external) should be verified (authenticated). Verification can range from an initial verification when a connection is established to verification performed on a continuous basis.

[0010] A benefit of Zero Trust is that a network that has been previously secured behind a perimeter fence (e.g., a virtual private network or VPN) can dispense with having to set up the VPN connection and authenticate directly with servers or services both on premises and in the cloud.

[0011] In addition, Zero Trust enables traditional firewalls to be moved to a specific device or network that requires security. In turn, this has the benefit of allowing various security levels to be applied to these devices or networks on a more individual basis.

[0012] The Defense Information Systems Agency (DISA) has established some Zero Trust principles, as described in "A Perspective: Zero Trust Concepts & Terminology," November 13, 2019:

  • Never Trust, Always Verify - All users and devices are treated as untrusted. Every device, user, application workload, or data flow is authenticated and explicitly authorized to the least privilege required using dynamic security policies.
  • Assume Breach - Consciously operate and defend resources with the assumption that an adversary has a presence within an environment. Deny by default, heavily scrutinize requests for access, users, devices and data flows. All traffic is logged and inspected.
  • Verify Explicitly - All resources are consistently accessed in a secure manner using multiple attributes (dynamic and static) to derive confidence levels for contextual access to resources.

[0013] 2. Issues

[0014] To perform multi-factor authentication at an end point device, security hardware may have to be added to the end point device in some examples. An end point device can include a smartphone, a desktop computer, a notebook computer, a tablet computer, a vehicle, or another electronic device. An example of security hardware is a biometric reader that can be included in the end point device or connected over a link (wired link or wireless link) to the end point device. A biometric reader can include a fingerprint reader, an iris scanner, a camera, and so forth. Another example of security hardware is a proximity sensor to detect a proximity of a user (or users) to an end point device.

[0015] Adding security hardware to an end point device to support multi-factor authentication can add to the overall cost of the end point device. Moreover, a biometric reader, a proximity sensor, or other security hardware ma