Systems and methods to authenticate users and/or control access made by users on a computer network using a graph score

US 10,250,583 B2
Filed: 03/20/2017
Issued: 04/02/2019
Est. Priority Date: 10/17/2016
Status: Active Grant

First Claim

Patent Images

1. A controller for user authentication and access control, the controller comprising:

at least one microprocessor;

a network interface controlled by the at least one microprocessor to communicate over a computer network with at least one computing site; and

memory coupled with the at least one microprocessor and storing;

graph data representing a graph having nodes and links;

wherein the nodes of the graph represent data elements associated with accesses made using access tokens, andwherein the links of the graph among the nodes of the graph represent connections between the data elements identified in collected data about the accesses;

instructions which, when executed by the at least one microprocessor, cause the controller to;

receive, from the computing site, input data specifying details of an access made using an access token;

update the graph according to the input data;

determine a plurality of measurements of the graph;

compute a score of the graph based on a weighted average of the measurements; and

process the access made using the access token based on the score.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A controller for user authentication and access control, configured to: store data representing a graph having: nodes representing data elements associated with accesses made using an access token; and links among the nodes representing connections between the data elements identified in details of the accesses. In response to receiving details of an access made using the access token, the controller updates the graph according to the details and determines a plurality of measurements of the graph. After computing a score of the graph based on a weighted average of the measurements, the controller authenticates the user of the access and/or controls the access based on the score.

Citations

20 Claims

1. A controller for user authentication and access control, the controller comprising:
- at least one microprocessor;
  
  a network interface controlled by the at least one microprocessor to communicate over a computer network with at least one computing site; and
  
  memory coupled with the at least one microprocessor and storing;
  
  graph data representing a graph having nodes and links;
  
  wherein the nodes of the graph represent data elements associated with accesses made using access tokens, andwherein the links of the graph among the nodes of the graph represent connections between the data elements identified in collected data about the accesses;
  
  instructions which, when executed by the at least one microprocessor, cause the controller to;
  
  receive, from the computing site, input data specifying details of an access made using an access token;
  
  update the graph according to the input data;
  
  determine a plurality of measurements of the graph;
  
  compute a score of the graph based on a weighted average of the measurements; and
  
  process the access made using the access token based on the score.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The controller of claim 1, wherein the controller adjusts weights used in the weighted average by machine learning from historic events of access.
  - 3. The controller of claim 1, wherein the plurality of measurements include one of:
    - a depth of the graph, and a breadth of the graph.
  - 4. The controller of claim 3, wherein the plurality of measurements include a count of user identities that are in the graph and have a predetermined type.
  - 5. The controller of claim 4, wherein the predetermined type is based on a tag applied to user identities.
  - 6. The controller of claim 4, wherein the predetermined type is based on a list of user identities of a predetermined category.
  - 7. The controller of claim 4, wherein the predetermined type is based on a type of reputation identified based on user identities being on blacklists associated with undesirable events including chargebacks.
  - 8. The controller of claim 3, wherein the plurality of measurements include a total count of user identities in the graph.
  - 9. The controller of claim 3, wherein the plurality of measurements include a growth rate of the graph.
  - 10. The controller of claim 1, wherein the graph is defined by one or more statistical boundaries.
  - 11. The controller of claim 1, wherein the graph is identified for update based on the access token.
  - 12. The controller of claim 1, wherein the graph is identified for update based on a device identity of the access.
  - 13. The controller of claim 1, wherein the graph is identified for update based on a user identity of the access.
  - 14. The controller of claim 13, wherein the user identity is determined based on an electronic signature generated from the input data.
  - 15. The controller of claim 1, wherein the graph is generated based on a cluster of access activities after identifying the cluster from a set of access activities using a statistical cluster analysis.
  - 16. The controller of claim 1, wherein the graph is extracted from a second graph based on a node selected according to the input data and a predetermined number of degrees of separation from the selected node.

17. A non-transitory computer storage medium storing instructions which, when executed by a controller, cause the controller to perform a method for user authentication and access control, the method comprising:
- storing, in the controller coupled to a network, graph data representing a graph having;
  
  nodes representing data elements associated with accesses made using access tokens, andlinks among the nodes representing connections between the data elements identified in collected data about the accesses;
  
  receiving, in the controller over the network from a computing site, input data specifying details of an access made using an access token;
  
  updating, by the controller, the graph according to the input data;
  
  determining, by the controller, a plurality of measurements of the graph;
  
  computing, by the controller, a score of the graph based on a weighted average of the measurements; and
  
  processing, by the controller, the access made using the access token based on the score.

18. A method for user authentication and access control, the method comprising:
- storing, in a controller coupled to a network, graph data representing a graph having;
  
  nodes representing data elements that are;
  
  associated with accesses made using access tokens, andidentified in collected data about the accesses;
  
  links among the nodes representing connections between the data elements identified in the collected data about the accesses;
  
  receiving, in the controller over the network from a computing site, input data specifying details of an access made using an access token;
  
  updating, by the controller, the graph according to the input data;
  
  determining, by the controller, a plurality of measurements of the graph;
  
  computing, by the controller, a score of the graph based on a weighted average of the measurements; and
  
  processing, by the controller, the access made using the access token based on the score.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the graph is defined by at least one statistical boundary.
  - 20. The method of claim 19, further comprising:
    - dynamically adjusting the statistical boundary to accommodate insertion of nodes in the graph according to the input data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Acuant Inc. (GB Group Plc)
Original Assignee
IDM Global, Inc.
Inventors
Caldera, Jose, Sherlock, Kieran, Anderson, Safyre Nirvana, Tang, Bin
Primary Examiner(s)
Shehni, Ghazal B

Application Number

US15/464,193
Publication Number

US 20180109507A1
Time in Patent Office

743 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06N 20/00   Machine learning

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

Systems and methods to authenticate users and/or control access made by users on a computer network using a graph score

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods to authenticate users and/or control access made by users on a computer network using a graph score

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links