Sign up to uncover the latest in emerging technology.
Bad news for anyone that bought a WFH mouse jiggler: Microsoft wants to know that there’s actually a person sitting behind the screen.
The company is seeking to patent a method of verifying network communications using what it calls “proof of presence.” This tech allows communication between two devices on a network by verifying that the right person is actually physically on the other end of the screen to receive the message.
One example Microsoft outlined to make this work is biometric authentication. For instance, if a user wants to receive a message using this system, they may be prompted to allow their device to take a photo of them, which would then be compared with a “previously captured biometric of the user.” The system would expect a “certain level of difference” between each biometric, aiming to catch if the information was stolen (i.e., if a bad actor used the same photo of a user twice to gain access to the system).
Microsoft said this kind of tech aims to cut down on phishing attacks and security breaches by requiring users to regularly verify who they are communicating with.
“That makes it far more difficult for another user to step in and pretend to be the particular trusted entity (and thereby fraudulently elicit sensitive information),” Microsoft noted.
While biometric authentication isn’t novel in and of itself, Microsoft’s application of it could make remote access to sensitive files much easier and much more secure, said Patrick Juola, Ph.D., professor of computer science and cybersecurity studies coordinator at Duquesne University.
“This lets you do things at one step removed,” Juola said. “It’s easier for me to validate myself across an insecure channel – I don’t have to worry about some criminal at an internet café.”
But one roadblock in Microsoft’s security plan is ensuring that this tech is actually secure. While the company’s patent filing claims that this tech has bulwarks in place for stolen biometrics, security systems that promise this level of safety need to be unwavering, especially when dealing with sensitive and private communications. Otherwise, customers are using tech that isn’t as strong as Microsoft claims, it could lead to users trusting a flawed security system and taking risks they otherwise wouldn’t, Juola said.
“Before you look at any security system, the first question you have to ask is, ‘How could this be broken up?’” He said. “That’s the first question the bad guys are going to ask, but they’re not just going to ask, they’re going to try it out.”
Microsoft has a lot of incentive to up its security game. For one, the company may be attempting to right its wrongs, having suffered several data breaches in recent years, including a recent leak of 2.4 terabytes of vulnerable data, affecting more than 65,000 companies and 548,000 users from October.
But an even bigger incentive could be the massive moneymaker that patenting this tech could present, Juola said.
“With Microsoft Word, the docx format has established itself as a standard,” he said. “They’re hoping that this particular system will end up becoming a standard, so that anyone who wants to remotely authenticate themselves will license this system from Microsoft.”
Have any comments, tips or suggestions? Drop us a line! Email at admin@patentdrop.xyz or shoot us a DM on Twitter @patentdrop. If you want to get Patent Drop in your inbox, click here to subscribe.