1. Field of the Invention
The present invention relates in general to the field of information handling system security, and more particularly to context analysis at information handling system to manage authentication cycles.
2. Description of the Related Art
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
Information handling systems often store sensitive information, such as information about finances, trade secrets, health, family, etc., that is protected by various security arrangements. Often, sensitive information is password protected to prevent unauthorized access. Password protection starts at a hardware level, such as a BIOS password required to start up an information handling system, and extends to individual files and applications loaded on an information handling system, such as password protected financial applications. Additional passwords are typically used to protect network-accessible items, such as network storage at a remote server, financial websites and VPN accesses. Password protection provides “what you know” security by forcing an end user to input a unique code to obtain access to information or functions. Another type of protection is “what you have” protection, which depends upon hardware and/or software “tokens” to obtain access to information. For example, a hardware device on an information handling system generates passwords to provide access to information or functions protected by a mated hardware device at an information handling system that supports the information or functions. When an end user saves passwords on an information handling system, such as with saved logins for websites, the information handling system itself essentially becomes a hardware token to access the websites. A “where you are” protection restricts information or function access based upon the location of the information handling system, such as a location within an enterprise that has restricted access. Another type of protection is “who you are” security that measures biometrics, such as a fingerprint of an end user, to restrict access to information or functions.
Generally, information security focuses on authentication of an end user and assumes that the end user has authorization to access information once authentication is provided. Typically, once an end user provides authentication, the information handling system provides free access to information based upon the authentication as long as the end user actively uses the information handling system. If an end user steps away from the information handling system, the end user may secure the information handling system from access in a number of different ways. One way is to simply power off the system until the end user returns; however, this can introduce inconvenience in that the end user must remember to power down the system and wait to restart the system. Another way is to lock access to the information handling system while the end user steps away, such as with a secure operating system or BIOS based screen saver or blank screen. If an end user is using a clamshell portable system, closing the lid will typically lock the system by causing entry to an S3 standby state that requires a password to recover. Many newer tablet systems do not have a lid to close to initiate a standby state, although some tablets include a similar magnetic sensing option with supporting accessories, such as carrying cases that simulate a clamshell housing and keyboard. Generally, most information handling systems will enter a standby state or its equivalent after a certain amount of time has passed in order to conserve power and, as a side effect, secure the system with a passcode. A typical timeout period for entry to a secure state is 15 minutes of idle time at the information handling system.
Information handling systems have shrunk in size and increased in processing capabilities so that the smartphones available today have the processing capabilities of desktops of the recent past. Although this has provided increased convenience to end users, it has also made portable systems more susceptible to theft and the consequences of theft more serious. For example, smartphones and tablets often include applications designed to provide an end user with secure access to information, such as financial services and enterprise trade secrets. Further, smartphones and tablets often include web browsers with saved passwords that provide access to sensitive information, such as bank accounts, brokerage accounts, medical records, etc. In addition, smartphones and tablets typically include access to email accounts that include emails with sensitive information. If an end user leaves a portable information handling system in an unsecure location and the system is stolen before a power state timeout, then the thief may have access to all of the information available to the end user. For instance, if a fifteen-minute timeout exists and an end user steps away to get a coffee when the system is stolen, the thief may have ten or more minutes to begin interacting with the system so that the end user's authentication will stay “alive.” Once the thief has access, he can keep authentication alive by making inconsequential inputs at the system until he can secret the system away to another location. As one example, a thief can establish a login through Windows 8 Live ID single sign-on and, via Live ID credentials, can obtain SkyDrive and Hotmail accounts that are both authenticated and unlocked. In many typical scenarios, only a fifteen-minute timeout separates a thief from extensive access to the data available through an authenticated information handling system.
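The weakness described above is a property of the idle-timeout model itself: the timer is reset by any input, so an authenticated session never expires as long as someone keeps touching the device. The following model is an added illustration and is not code from the patent or from any product it names. It simulates the fifteen-minute idle timeout from the text and shows, first, the window that remains after the end user has been absent for five minutes, second, that an input every ten minutes keeps an idle-only session unlocked indefinitely, and third, that a session which also carries an absolute re-authentication interval locks regardless of activity. The `reauth_interval_s` limit is an assumption introduced here for comparison, not the context-analysis method the patent claims; the `Session`, `touch`, `is_locked`, `remaining_idle_window` and `time_until_lock` names are likewise hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT_S = 15 * 60  # the fifteen-minute idle timeout described in the text


@dataclass
class Session:
    """Model of an authenticated session on an information handling system (hypothetical)."""
    authenticated_at: float          # time of the last full authentication (seconds)
    last_activity: float             # time of the most recent input of any kind (seconds)
    # Assumption added for comparison: maximum seconds between full authentications.
    # None reproduces the status quo in the text, where only the idle timer applies.
    reauth_interval_s: Optional[float] = None

    def touch(self, now: float) -> None:
        """Any input, however inconsequential, resets the idle timer."""
        self.last_activity = now

    def is_locked(self, now: float) -> bool:
        """The system enters its secure state when the idle timer has run out, or,
        when an absolute re-authentication interval is configured, when that has elapsed."""
        if now - self.last_activity >= IDLE_TIMEOUT_S:
            return True
        if (self.reauth_interval_s is not None
                and now - self.authenticated_at >= self.reauth_interval_s):
            return True
        return False


def remaining_idle_window(absent_for_s: float) -> float:
    """Seconds left before an untouched system locks, given how long the end user has been away."""
    return max(0.0, IDLE_TIMEOUT_S - absent_for_s)


def time_until_lock(session: Session, touch_every_s: int, horizon_s: int) -> Optional[int]:
    """Step the clock one second at a time. Whoever holds the device makes an input every
    `touch_every_s` seconds (0 means no input at all). Returns the first second at which the
    session is locked, or None if it is still unlocked at the end of the horizon."""
    for t in range(0, horizon_s + 1):
        if session.is_locked(t):
            return t
        if touch_every_s and t % touch_every_s == 0:
            session.touch(t)
    return None


if __name__ == "__main__":
    # Constructed scenario from the text: the end user steps away for a coffee.
    print("window left after 5 minutes away:", remaining_idle_window(5 * 60), "s")

    # Idle timer only: an input every ten minutes keeps the session alive for a whole day.
    idle_only = Session(authenticated_at=0, last_activity=0)
    print("idle-only session locks at:", time_until_lock(idle_only, 600, 24 * 3600))

    # With an assumed four-hour re-authentication interval the same activity no longer helps.
    bounded = Session(authenticated_at=0, last_activity=0, reauth_interval_s=4 * 3600)
    print("bounded session locks at:", time_until_lock(bounded, 600, 24 * 3600), "s")
```

The simulation makes the detection point concrete: under an idle-only policy, the events that keep a session alive are indistinguishable from legitimate use at the timer level, so a defender has to look at context (who is present, where the device is, what kind of input is being made) or impose a bound that activity cannot extend.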