Dynamic detection of unauthorized activity in multi-channel system

US 10,397,252 B2
Filed: 10/13/2017
Issued: 08/27/2019
Est. Priority Date: 10/13/2017
Status: Active Grant

First Claim

Patent Images

1. A dynamic unauthorized activity detection computing platform, comprising:

at least one processor;

a communication interface communicatively coupled to the at least one processor; and

memory storing computer-readable instructions that, when executed by the at least one processor, cause the dynamic unauthorized activity detection computing platform to;

receive first data from a first communication channel;

format the first data received from the first communication channel;

analyze the formatted first data received from the first communication channel to identify a first occurrence of triggering content;

receive second data from a second communication channel different from the first communication channel;

format the second data received from the second communication channel;

analyze the formatted second data received from the second communication channel to identify a second occurrence of triggering content;

evaluate, based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity;

responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, modifying operation of at least one of the first communication channel and the second communication channel; and

responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence does not indicate unauthorized activity, receive subsequent data from at least one of the first communication channel and the second communication channel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems for dynamically detecting unauthorized activity are provided. A system may receive data from one or more computing devices associated with one or more different channels of communication (e.g., email, telephone, instant messaging, internet browsing, and the like). The received data may be formatted or transformed from an unstructured format to a structured format for further analysis and evaluation. In some arrangements, machine learning may be used to determine whether triggering content was identified in data received from the one or more systems and to evaluate the identified triggering content to determine whether the content, alone or in combination with triggering content from other channels of communication, may indicate an occurrence of unauthorized activity. If so, the identified occurrence may be evaluated to determine whether a false positive has occurred. If a false positive has not occurred, an alert or notification may be generated and/or operation or functionality one or more communication channels may be modified.

Citations

24 Claims

1. A dynamic unauthorized activity detection computing platform, comprising:
- at least one processor;
  
  a communication interface communicatively coupled to the at least one processor; and
  
  memory storing computer-readable instructions that, when executed by the at least one processor, cause the dynamic unauthorized activity detection computing platform to;
  
  receive first data from a first communication channel;
  
  format the first data received from the first communication channel;
  
  analyze the formatted first data received from the first communication channel to identify a first occurrence of triggering content;
  
  receive second data from a second communication channel different from the first communication channel;
  
  format the second data received from the second communication channel;
  
  analyze the formatted second data received from the second communication channel to identify a second occurrence of triggering content;
  
  evaluate, based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity;
  
  responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, modifying operation of at least one of the first communication channel and the second communication channel; and
  
  responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence does not indicate unauthorized activity, receive subsequent data from at least one of the first communication channel and the second communication channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The dynamic unauthorized activity detection computing platform of claim 1, further including instructions that, when executed, cause the dynamic unauthorized activity detection computing platform to:
    - responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, evaluating the indicated unauthorized activity to determine whether a false positive has occurred.
  - 3. The dynamic unauthorized activity detection computing platform of claim 1, wherein evaluating, based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity includes determining whether the triggering content of the second occurrence occurred within a predetermined time period of the triggering content of the first occurrence.
  - 4. The dynamic unauthorized activity detection computing platform of claim 1, wherein the first communication channel includes one of:
    - telephone, email, instant messaging and internet browsing.
  - 5. The dynamic unauthorized activity detection computing platform of claim 4, wherein the second communication channel is another of:
    - telephone, email, instant messaging and internet browsing.
  - 6. The dynamic unauthorized activity detection computing platform of claim 1, wherein formatting the first data and the second data includes transforming the first data and the second data from an unstructured format to a structured format.
  - 7. The dynamic unauthorized activity detection computing platform of claim 1, wherein modifying operation of at least one of the first communication channel and the second communication channel includes executing an instruction to prevent access to the at least one of the first communication channel and the second communication channel for a user.
  - 8. The dynamic unauthorized activity detection computing platform of claim 1, wherein modifying operation of at least one of the first communication channel and the second communication channel includes executing an instruction to disable functionality of the at least one of the first communication channel and the second communication channel for a user.

9. A method, comprising:
- at a computing platform comprising at least one processor, memory, and a communication interface;
  
  receiving, by the at least one processor and via the communication interface, first data from a first communication channel;
  
  formatting, by the at least one processor, the first data received from the first communication channel;
  
  analyzing, by the at least one processor, the formatted first data received from the first communication channel to identify a first occurrence of triggering content;
  
  receiving, by the at least one processor and via the communication interface, second data from a second communication channel different from the first communication channel;
  
  formatting, by the at least one processor, the second data received from the second communication channel;
  
  analyzing, by the at least one processor, the formatted second data received from the second communication channel to identify a second occurrence of triggering content;
  
  evaluating, by the at least one processor and based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity; and
  
  responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, modifying, by the at least one processor, operation of at least one of the first communication channel and the second communication channel.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further including:
    - responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, evaluating, by the at least one processor, the indicated unauthorized activity to determine whether a false positive has occurred.
  - 11. The method of claim 9, wherein evaluating, by the at least one processor and based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity includes determining, by the at least one processor, whether the triggering content of the second occurrence occurred within a predetermined time period of the triggering content of the first occurrence.
  - 12. The method of claim 9, wherein the first communication channel includes one of:
    - telephone, email, instant messaging and internet browsing.
  - 13. The method of claim 12, wherein the second communication channel is another of:
    - telephone, email, instant messaging and internet browsing.
  - 14. The method of claim 9, wherein formatting the first data and the second data includes transforming, by the at least one processor, the first data and the second data from an unstructured format to a structured format.
  - 15. The method of claim 9, wherein modifying operation of at least one of the first communication channel and the second communication channel includes executing an instruction to prevent access to the at least one of the first communication channel and the second communication channel for a user.
  - 16. The method of claim 9, wherein modifying operation of at least one of the first communication channel and the second communication channel includes executing an instruction to disable functionality of the at least one of the first communication channel and the second communication channel for a user.

17. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, memory, and a communication interface, cause the computing platform to:
- receive first data from a first communication channel;
  
  format the first data received from the first communication channel;
  
  analyze the formatted first data received from the first communication channel to identify a first occurrence of triggering content;
  
  receive second data from a second communication channel different from the first communication channel;
  
  format the second data received from the second communication channel;
  
  analyze the formatted second data received from the second communication channel to identify a second occurrence of triggering content;
  
  evaluate, based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity;
  
  responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, modifying operation of at least one of the first communication channel and the second communication channel; and
  
  responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence does not indicate unauthorized activity, receive subsequent data from at least one of the first communication channel and the second communication channel.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The one or more non-transitory computer-readable media of claim 17, further including instructions that, when executed, cause the computing platform to:
    - responsive to determining that the triggering content of the first occurrence in combination with the triggering content of the second occurrence indicates unauthorized activity, evaluating the indicated unauthorized activity to determine whether a false positive has occurred.
  - 19. The one or more non-transitory computer-readable media of claim 17, wherein evaluating, based on one or more machine learning datasets, the first occurrence of triggering content and the second occurrence of triggering content to determine whether triggering content of the first occurrence, in combination with triggering content of the second occurrence, indicates unauthorized activity includes determining whether the triggering content of the second occurrence occurred within a predetermined time period of the triggering content of the first occurrence.
  - 20. The one or more non-transitory computer-readable media of claim 17, wherein the first communication channel includes one of:
    - telephone, email, instant messaging and internet browsing.
  - 21. The one or more non-transitory computer-readable media of claim 20, wherein the second communication channel is another of:
    - telephone, email, instant messaging and internet browsing.
  - 22. The one or more non-transitory computer-readable media of claim 17, wherein formatting the first data and the second data includes transforming the first data and the second data from an unstructured format to a structured format.
  - 23. The one or more non-transitory computer-readable media of claim 17, wherein modifying operation of at least one of the first communication channel and the second communication channel includes executing an instruction to prevent access to the at least one of the first communication channel and the second communication channel for a user.
  - 24. The one or more non-transitory computer-readable media of claim 17, wherein modifying operation of at least one of the first communication channel and the second communication channel includes executing an instruction to disable functionality of the at least one of the first communication channel and the second communication channel for a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Singh, Awadhesh Pratap
Primary Examiner(s)
Pich, Ponnoreay

Application Number

US15/782,933
Publication Number

US 20190116192A1
Time in Patent Office

683 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/1416 Event detection, e.g. attac...

H04L 63/1441 Countermeasures against mal...

Dynamic detection of unauthorized activity in multi-channel system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic detection of unauthorized activity in multi-channel system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links