US-12619691-B2 - Extending EAP for supporting generative AI challenges
Abstract
Techniques for extending EAP for supporting generative AI challenge-response for secure access are described. The techniques may be performed at least in part by an authentication server. An indication of a request for a user account to access the network resource via a user device is received. A determination is made that the user device supports generative AI challenge-response authentication. A posture of the user device is determined. Based at least in part on the device posture, parameters for generating a generative AI challenge-response are determined. The parameters include at least one of a level of hallucination for, and a type of, challenge response to generate, and are transmitted to a generative AI engine. The generative AI challenge-response is received from the generative AI engine and caused to be output by the user device.
Inventors
- Srinath Gundavelli
- Avinash Kalyanaraman
- Arman Rezaee
- Pradeep Kumar Kathail
Assignees
- CISCO TECHNOLOGY, INC.
Dates
- Publication Date
- 20260505
- Application Date
- 20240110
Claims (20)
- 1. A method for extending Extensible Authentication Protocol (EAP) for supporting generative AI challenge-responses and performed at least in part by an authentication server, the method comprising: receiving, from a network resource, an indication of a request for a user account to access the network resource via a user device; determining that the user device supports generative AI challenge-response authentication; determining a device posture of the user device; based at least in part on the device posture, determining parameters for generative AI challenge-response generation, the parameters including at least a level of hallucination; transmitting, to a generative AI engine, the parameters for generating the generative AI challenge-response; receiving, from the generative AI engine, the generative AI challenge-response for the user account to access the network resource via the user device; and causing a challenge prompt from the generative AI challenge-response to be output by the user device.
- 2. The method of claim 1 wherein the network resource is a wireless network and an authentication protocol used to connect the user device to the wireless network is an extensible authentication protocol (EAP) protocol.
- 3. The method of claim 1 wherein the parameters further include a type of challenge-response, and wherein the type of challenge-response parameter is at least one of image, audio, or text.
- 4. The method of claim 1 wherein the challenge-response is generated by the generative AI engine and based at least in part on a memorable event experienced by a user of the user account during a predetermined time period.
- 5. The method of claim 4 wherein the challenge prompt output by the user device is at least one of a set of images displayed on the user device, text in question form displayed on the user device, or audio in question form output from a speaker of the user device.
- 6. The method of claim 5 wherein the challenge prompt comprises a real visual image associated with the memorable event experienced by the user, and one or more plausible visual images generated by the generative AI engine and based at least in part on a hallucination parameter.
- 7. The method of claim 4 wherein the predetermined time period is a current day, and the challenge-response is based on a memorable event experienced by the user of the user account during the current day and prior to a current time.
- 8. A system comprising: one or more processors; and one or more non-transitory computer-readable media storing instructions that, when executed, cause the one or more processors to perform operations comprising: receiving, from a network resource, an indication of a request for a user account to access the network resource via a user device; determining that the user device supports generative AI challenge-response authentication; determining a device posture of the user device; based at least in part on the device posture, determining parameters for generative AI challenge-response generation, the parameters including at least a level of hallucination; transmitting, to a generative AI engine, the parameters for generating the generative AI challenge-response; receiving, from the generative AI engine, the generative AI challenge-response for the user account to access the network resource via the user device; and causing a challenge prompt from the generative AI challenge-response to be output by the user device.
- 9. The system of claim 8, wherein the network resource is a wireless network and an authentication protocol used to connect the user device to the wireless network is an extensible authentication protocol (EAP) protocol.
- 10. The system of claim 8, wherein the parameters further include a type of challenge-response, and wherein the type of challenge-response parameter is at least one of image, audio, or text.
- 11. The system of claim 8, wherein the challenge-response is generated by the generative AI engine and based at least in part on a memorable event experienced by a user of the user account during a predetermined time period.
- 12. The system of claim 11, wherein the challenge prompt output by the user device is at least one of a set of images displayed on the user device, text in question form displayed on the user device, or audio in question form output from a speaker of the user device.
- 13. The system of claim 12, wherein the challenge prompt comprises a real visual image associated with the memorable event experienced by the user, and one or more plausible visual images generated by the generative AI engine and based at least in part on a hallucination parameter.
- 14. The system of claim 11, wherein the predetermined time period is a current day, and the challenge-response is based on a memorable event experienced by the user of the user account during the current day and prior to a current time.
- 15. One or more non-transitory computer-readable media storing instructions that, when executed, cause one or more processors to perform operations comprising: receiving, from a network resource, an indication of a request for a user account to access the network resource via a user device; determining that the user device supports generative AI challenge-response authentication; determining a device posture of the user device; based at least in part on the device posture, determining parameters for generative AI challenge-response generation, the parameters including at least a level of hallucination; transmitting, to a generative AI engine, the parameters for generating the generative AI challenge-response; receiving, from the generative AI engine, the generative AI challenge-response for the user account to access the network resource via the user device; and causing a challenge prompt from the generative AI challenge-response to be output by the user device.
- 16. The one or more non-transitory computer-readable media of claim 15, wherein the network resource is a wireless network and an authentication protocol used to connect the user device to the wireless network is an extensible authentication protocol (EAP) protocol.
- 17. The one or more non-transitory computer-readable media of claim 15, wherein the parameters further include a type of challenge-response, and wherein the type of challenge-response parameter is at least one of image, audio, or text.
- 18. The one or more non-transitory computer-readable media of claim 15, wherein the challenge-response is generated by the generative AI engine and based at least in part on a memorable event experienced by a user of the user account during a predetermined time period.
- 19. The one or more non-transitory computer-readable media of claim 18, wherein the challenge prompt output by the user device is at least one of a set of images displayed on the user device, text in question form displayed on the user device, or audio in question form output from a speaker of the user device.
- 20. The one or more non-transitory computer-readable media of claim 19, wherein the challenge prompt comprises a real visual image associated with the memorable event experienced by the user, and one or more plausible visual images generated by the generative AI engine and based at least in part on a hallucination parameter.
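A server-side sketch of the flow in claims 1, 3 and 6, added here as an illustration and not taken from the patent: posture selects the generation parameters, the real item is mixed with engine-supplied plausible items, and the answer is checked once, server-side, within a time limit. The posture labels, the posture-to-parameter table, the decoy counts, the nonce and expiry handling, and the stub standing in for the generative AI engine are all assumptions, because the page does not specify them.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# ASSUMPTION: the page says parameters follow from device posture but gives no
# mapping; these posture labels and values are hypothetical.
POLICY = {
    "managed":   {"hallucination": 0.3, "type": "image", "decoys": 3},
    "unmanaged": {"hallucination": 0.6, "type": "image", "decoys": 5},
    "unknown":   {"hallucination": 0.9, "type": "image", "decoys": 8},
}

def select_parameters(posture: str) -> dict:
    """Unrecognised posture values fall back to the strictest profile."""
    return dict(POLICY.get(posture, POLICY["unknown"]))

def stub_engine(real_item: str, params: dict) -> list:
    """Stand-in for the generative AI engine: returns labelled placeholders."""
    return [f"plausible-{i}(h={params['hallucination']})"
            for i in range(params["decoys"])]

@dataclass
class Challenge:
    nonce: str        # binds a response to this challenge
    options: list     # the prompt sent to the user device
    answer: str       # never leaves the authentication server
    expires: float
    used: bool = False

def build_challenge(real_item, params, ttl=60.0, now=None) -> Challenge:
    options = stub_engine(real_item, params) + [real_item]
    secrets.SystemRandom().shuffle(options)  # position must not reveal the real item
    now = time.time() if now is None else now
    return Challenge(secrets.token_hex(16), options, real_item, now + ttl)

def verify(ch: Challenge, nonce: str, choice: str, now=None) -> bool:
    now = time.time() if now is None else now
    if ch.used or now > ch.expires:
        return False
    ch.used = True  # single use: a wrong guess burns the challenge
    nonce_ok = hmac.compare_digest(nonce.encode(), ch.nonce.encode())
    choice_ok = hmac.compare_digest(choice.encode(), ch.answer.encode())
    return nonce_ok and choice_ok

def guess_probability(params: dict) -> float:
    """Chance that a blind guess picks the real item from one prompt."""
    return 1 / (params["decoys"] + 1)
```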
Description
TECHNICAL FIELD
The present disclosure relates generally to techniques for, among other things, leveraging an AI-driven system for determining memorable experiences of a user from real-world events throughout a given period of time, using hallucination for generating other plausible events based on the real events, and using the real memorable experience and plausible experiences to generate a challenge prompt for secure access.
BACKGROUND
Authentication is a critical component of digital security systems, serving as the first line of defense in verifying the identity of users, devices, or systems. Authentication mechanisms prevent unauthorized access to sensitive information and resources, and provide non-repudiation by preventing an involved party from denying their actions. Authentication is also a vital companion to various encryption mechanisms that maintain integrity and confidentiality of data during transmission.
In the past, user authentication systems were largely password based. However, passwords often fall into two extremes: they are either too simple, resulting in weak, reused, or easily guessed passwords that are susceptible to brute force dictionary attacks, or they are excessively complicated, leading to difficulties for users in memorizing them. A considerable number of security attacks result from suboptimal password practices. Weak passwords are accountable for a significant proportion of these attacks, granting hackers an easy path into sensitive systems.
Today, stronger security measures are taken using Multi-Factor Authentication (MFA) techniques, biometric or behavioral authentication, certificate-based authentication, hardware tokens or smart cards, etc. Biometric authentication uses unique physical characteristics such as fingerprints or iris scans for user identification. Behavioral authentication analyses user behavior, such as typing speed, mouse movements, or navigation patterns, to create a user profile; if the user behavior deviates significantly from the profile, it is considered to be an indication of impersonation or unauthorized access. Biometric and behavior authentication methods have often been used to make a binary decision; in other words, does the biometric or behavior signal coming from the user match their pre-verified profile, yes or no?
Another type of security measure is the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA). These tests use a measure known as challenge-response authentication. A typical CAPTCHA test is made up of two simple parts: a randomly generated sequence of letters and/or numbers that appear as a distorted image, and a text box. A user must type the characters in the text box to pass the test and prove that they are a human.
Traditionally, the challenges issued by an authentication server come from a predetermined and static corpus of “approved challenges.” Additionally, given that these challenges are constructed based on general information, an AI system can easily produce the correct response. For example, a typical challenge may be “identify all squares with a bicycle,” and an AI system with image processing capability can easily solve the challenge.
BRIEF DESCRIPTION OF THE DRAWINGS
The detailed description is set forth below with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The use of the same reference numbers in different figures indicates similar or identical items. The systems depicted in the accompanying figures are not to scale and components within the figures may be depicted not to scale with each other.
FIG. 1 illustrates an example architecture that may implement various aspects of the technologies directed to leveraging a memorable experience of a user for secure access to a network resource.
FIG. 2 illustrates an example of a memorable experience of a user, determined using sensor data associated with the user, incorporated into a visual challenge prompt along with various AI generated images of plausible experiences.
FIG. 3 illustrates an example of an audio challenge prompt based on a memorable experience of a user that is determined using sensor data associated with the user.
FIG. 4 illustrates an example architecture that may implement various aspects of the technologies directed to determining whether an event experienced by a user is a positive memorable experience for the user.
FIG. 5 illustrates an example architecture that may implement various aspects of the technologies directed to generating plausible events for use in a challenge-response for secure access to a network resource.
FIG. 6 illustrates an example of step-by-step communication for extending EAP for supporting generative AI challenges for secure access.
FIG. 7 is a flow diagram illustrating an example method associated with the techniques described herein for leveraging a memorable experience of