Systems and methods to authenticate users and/or control access made by users on a computer network based on scanning elements for inspection according to changes made in a relation graph

US 10,187,369 B2
Filed: 03/20/2017
Issued: 01/22/2019
Est. Priority Date: 09/30/2016
Status: Active Grant

First Claim

Patent Images

1. A controller for user authentication and access control, the controller comprising:

at least one microprocessor;

a network interface controlled by the at least one microprocessor to communicate over a computer network with at least one computing site; and

memory coupled with the at least one microprocessor and storing;

graph data representing a graph having;

nodes representing data elements associated with accesses made using access tokens, including first nodes representing the access tokens and second nodes representing attributes of the accesses, andlinks among the nodes representing connections between the data elements identified in collected data about the accesses, including connects between the access tokens and the attributes of the accesses;

instructions which, when executed by the at least one microprocessor, cause the controller to process an access made using an access token based on changes to the graph caused by the access, including;

receive, from the computing site, input data specifying details of the access made using the access token;

update the graph according to the input data of the access made using the access token;

identify the changes in the graph resulting from updating the graph according to the input data of the access made using the access token;

identify, for each respective change among the changes resulting from the updating of the graph caused by the access made using the access token, a first set of elements corresponding to nodes in the graph that are up to a first predetermined number of degrees of separation from the respective change;

evaluate trustworthiness of first user identities corresponding to the first set of elements, wherein the trustworthiness of the first user identities is based on a trust score;

process the access made using the access token based on the trustworthiness of the first user identities corresponding to the first set of elements; and

in response to a determination that the trustworthiness of the first user identities does not meet a predetermined requirement;

identify a second set of elements corresponding to nodes in the graph that are up to a second predetermined number of degrees of separation from the respective change, wherein the second predetermined number of degrees of separation is larger than the first predetermined number of degrees of separation;

evaluate trustworthiness of second user identities corresponding to the second set of elements; and

process the access made using the access token based at least in part on the trustworthiness of the second user identities corresponding to the second set of elements.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A controller for user authentication and access control, configured to: store data representing a graph having: nodes representing data elements associated with accesses made using an access token; and links among the nodes representing connections between the data elements identified in details of the accesses. In response to receiving details of an access made using the access token, the controller updates the graph according to the details and identifies changes in the graph resulting from update. For each of the changes, the controller identifies a set of elements in the graph that are up to a predetermined number of degrees of separate from the change and evaluates the trustworthiness of user identities corresponding to the set of elements identified for the change. Based on the trustworthiness, the controller authenticates the user of the access and/or controls the access.

148 Citations

View as Search Results

17 Claims

1. A controller for user authentication and access control, the controller comprising:
- at least one microprocessor;
  
  a network interface controlled by the at least one microprocessor to communicate over a computer network with at least one computing site; and
  
  memory coupled with the at least one microprocessor and storing;
  
  graph data representing a graph having;
  
  nodes representing data elements associated with accesses made using access tokens, including first nodes representing the access tokens and second nodes representing attributes of the accesses, andlinks among the nodes representing connections between the data elements identified in collected data about the accesses, including connects between the access tokens and the attributes of the accesses;
  
  instructions which, when executed by the at least one microprocessor, cause the controller to process an access made using an access token based on changes to the graph caused by the access, including;
  
  receive, from the computing site, input data specifying details of the access made using the access token;
  
  update the graph according to the input data of the access made using the access token;
  
  identify the changes in the graph resulting from updating the graph according to the input data of the access made using the access token;
  
  identify, for each respective change among the changes resulting from the updating of the graph caused by the access made using the access token, a first set of elements corresponding to nodes in the graph that are up to a first predetermined number of degrees of separation from the respective change;
  
  evaluate trustworthiness of first user identities corresponding to the first set of elements, wherein the trustworthiness of the first user identities is based on a trust score;
  
  process the access made using the access token based on the trustworthiness of the first user identities corresponding to the first set of elements; and
  
  in response to a determination that the trustworthiness of the first user identities does not meet a predetermined requirement;
  
  identify a second set of elements corresponding to nodes in the graph that are up to a second predetermined number of degrees of separation from the respective change, wherein the second predetermined number of degrees of separation is larger than the first predetermined number of degrees of separation;
  
  evaluate trustworthiness of second user identities corresponding to the second set of elements; and
  
  process the access made using the access token based at least in part on the trustworthiness of the second user identities corresponding to the second set of elements.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The controller of claim 1, wherein the trustworthiness of the first user identities is evaluated by comparing the first user identities to a list to determine whether any of the first user identities is on the list.
  - 3. The controller of claim 2, wherein the list includes user identities of a predetermined category.
  - 4. The controller of claim 3, wherein the predetermined category is one of:
    - fake, and suspicious.
  - 5. The controller of claim 1, wherein the second set of elements includes the first set of elements.
  - 6. The controller of claim 1, wherein the predetermined requirement is based on a count of a subset of the first user identities that are on a list of user identities of a predetermined category.
  - 7. The controller of claim 6, wherein the controller communicates with the computing site to block the access in response to a determination that a count of a subset of the second user identifies that are on the list is above a threshold.
  - 8. The controller of claim 1, wherein the graph is identified for update based on the access token.
  - 9. The controller of claim 1, wherein the graph is identified for update based on a user identity of the access.
  - 10. The controller of claim 9, wherein the user identity is determined based on an electronic signature generated from the input data.
  - 11. The controller of claim 1, wherein the graph is generated based on a cluster of access activities after identifying the cluster from a set of access activities using a statistical cluster analysis.
  - 12. The controller of claim 1, wherein the graph is extracted from a second graph based on a node selected according to the input data and a predetermined number of degrees of separation from the selected node.
  - 13. The controller of claim 1, wherein in processing the access made using the access token, the controller determines from the graph data a score representing a risk of the access being fraudulent.

14. A non-transitory computer storage medium storing instructions which when executed by a controller, cause the controller to perform a set of steps for user authentication and access control, the set of steps comprising:
- storing, in the controller coupled to a network, graph data representing a graph having;
  
  nodes representing data elements associated with accesses made using access tokens, including first nodes representing the access tokens and second nodes representing attributes of the accesses, andlinks among the nodes representing connections between the data elements identified in collected data about the accesses, including connects between the access tokens and the attributes of the accesses; and
  
  processing an access made using an access token based on changes to the graph caused by the access, by at least;
  
  receiving, in the controller over the network from a computing site, input data specifying details of access made using access token;
  
  updating, by the controller, the graph according to the input data of the access made using the access token;
  
  identifying, by the controller, the changes in the graph resulting from updating the graph according to the input data of the access made using the access token;
  
  identifying, by the controller for each respective change among the changes resulting from the updating of the graph caused by the access made using the access token, a first set of elements corresponding to nodes in the graph that are up to a first predetermined number of degrees of separation from the respective change;
  
  evaluating, by the controller, trustworthiness of first user identities corresponding to the first set of elements, wherein the trustworthiness of the first user identities is based on a trust score;
  
  processing, by the controller, the access made using the access token based on the trustworthiness of the first user identities corresponding to the first set of elements; and
  
  in response to a determination that the trustworthiness of the first user identities does not meet a predetermined requirement;
  
  identifying a second set of elements corresponding to nodes in the graph that are up to a second predetermined number of degrees of separation from the respective change, wherein the second predetermined number of degrees of separation is larger than the first predetermined number of degrees of separation;
  
  evaluating trustworthiness of second user identities corresponding to the second set of elements; and
  
  processing the access made using the access token based at least in part on the trustworthiness of the second user identities corresponding to the second set of elements.

15. A method for user authentication and access control, the method comprising:
- storing, in a controller coupled to a network, graph data representing a graph having;
  
  nodes representing data elements associated with accesses made using access tokens, including first nodes representing the access tokens and second nodes representing attributes of the accesses, andlinks among the nodes representing connections between the data elements identified in collected data about the accesses, including connects between the access tokens and the attributes of the accesses; and
  
  processing an access made using an access token based on changes to the graph caused by the access, by at least;
  
  receiving, in the controller over the network from a computing site, input data specifying details of the access made using the access token;
  
  updating, by the controller, the graph according to the input data of the access made using the access token;
  
  identifying, by the controller, the changes in the graph resulting from updating the graph according to the input data of the access made using the access token;
  
  identifying, by the controller for each respective change among the changes resulting from the updating of the graph caused by the access made using the access token, a first set of elements corresponding to nodes in the graph that are up to a first predetermined number of degrees of separation from the respective change;
  
  evaluating, by the controller, trustworthiness of first user identities corresponding to the first set of elements, wherein the trustworthiness of the first user identities is based on a trust score;
  
  processing, by the controller, the access made using the access token based on the trustworthiness of the first user identities corresponding to the first set of elements;
  
  making a determination by the controller that the trustworthiness of the first user identities does not meet a predetermined requirement; and
  
  in response to the determination;
  
  identifying, by the controller, a second set of elements corresponding to nodes in the graph that are up to a second predetermined number of degrees of separation from the respective change, wherein the second predetermined number of degrees of separation is larger than the first predetermined number of degrees of separation;
  
  evaluating trustworthiness of second user identities corresponding to the second set of elements; and
  
  processing the access made using the access token based at least in part on the trustworthiness of the second user identities corresponding to the second set of elements.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein the trustworthiness of the second user identities is based on a count of a subset of the second user identities that are on a list of user identities of a predetermined category.
  - 17. The method of claim 15, wherein the trustworthiness of the first user identities is based on presence of the first user identities on a list of user identities of a predetermined category.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Acuant Inc. (GB Group Plc)
Original Assignee
IDM Global, Inc.
Inventors
Caldera, Jose, Sherlock, Kieran, Reiter, Neal Jared
Primary Examiner(s)
Kabir, Jahangir

Application Number

US15/464,153
Publication Number

US 20180097790A1
Time in Patent Office

673 Days
Field of Search

726 1- 4, 726 9
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 67/535   Tracking the activity of th...

Systems and methods to authenticate users and/or control access made by users on a computer network based on scanning elements for inspection according to changes made in a relation graph

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

148 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods to authenticate users and/or control access made by users on a computer network based on scanning elements for inspection according to changes made in a relation graph

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

148 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links