Systems and methods for securing access to resources

US 10,440,041 B2
Filed: 09/18/2018
Issued: 10/08/2019
Est. Priority Date: 11/15/2016
Status: Active Grant

First Claim

Patent Images

1. A method for securing access to a resource, the method comprising performing, by a computer system:

segmenting a set of previous access requests into a plurality of time-based subsets of access requests, each previous access request of the set including one or more parameters that involve one or more conditions of a potential access rule;

determining a plurality of predictive percentages including a predictive percentage for each of the plurality of time-based subsets based on validity information corresponding to each previous access request of the time-based subsets, the validity information indicating whether each access request of the plurality of previous access requests is valid or invalid;

determining a detection stability rating of the potential access rule by comparing the plurality of predictive percentages; and

selecting the potential access rule to be a candidate access rule for use in an operational set of access rules based on the detection stability rating of the potential access rule compared to detection stability ratings of other access rules, wherein the candidate access rule is included in the operational set of access rules, the operational set of access rules is loaded into a system memory, and the operational set of access rules is used to determine an access request outcome for a real-time access request for the resource.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, a resource security system may determine an access request outcome (e.g., accept, reject, or review) for an access request based on access rules. The resource security system may generate and select the access rules to be used for using stability information. For instance, the resource security system may select a training set from the received access requests, e.g., including recently received access requests, and generate a plurality of potential access rules based on the training set. The resource security system may determine and compare the detection performance and the stability performance of the potential access rules. The resource security system may select the best performing potential access rules to be used in operation for determining the outcome of access requests.

9 Citations

View as Search Results

20 Claims

1. A method for securing access to a resource, the method comprising performing, by a computer system:
- segmenting a set of previous access requests into a plurality of time-based subsets of access requests, each previous access request of the set including one or more parameters that involve one or more conditions of a potential access rule;
  
  determining a plurality of predictive percentages including a predictive percentage for each of the plurality of time-based subsets based on validity information corresponding to each previous access request of the time-based subsets, the validity information indicating whether each access request of the plurality of previous access requests is valid or invalid;
  
  determining a detection stability rating of the potential access rule by comparing the plurality of predictive percentages; and
  
  selecting the potential access rule to be a candidate access rule for use in an operational set of access rules based on the detection stability rating of the potential access rule compared to detection stability ratings of other access rules, wherein the candidate access rule is included in the operational set of access rules, the operational set of access rules is loaded into a system memory, and the operational set of access rules is used to determine an access request outcome for a real-time access request for the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - storing reporting-delay information indicating percentages of access requests that are expected to have been reported as valid or invalid after certain amounts of time; and
      
      compensating the validity information based on the reporting-delay information, wherein the plurality of predictive percentages are based on the compensated validity information.
  - 3. The method of claim 2, wherein the reporting-delay information indicates a plurality of time periods and a corresponding plurality of reporting percentages, the corresponding plurality of reporting percentages indicating the percentages of access requests that are expected to have been reported within the plurality of time periods.
  - 4. The method of claim 3, wherein the validity information corresponding to a recent access request is compensated more than the validity information corresponding to a later access request.
  - 5. The method of claim 1, further comprising determining a detection variation of the plurality of predictive percentages, wherein the determining of the detection stability rating of the potential access rule is further based on a trend of the detection variation over time.
  - 6. The method of claim 1, wherein the segmenting of the set of previous access requests into a plurality of subsets of access requests is based on a plurality of sliding time windows.
  - 7. The method of claim 1, further comprising:
    - determining a triggering percentage for each of the plurality of time-based subsets based on the validity information corresponding to each previous access request of the time-based subsets;
      
      determining a triggering stability rating of the potential access rule by comparing the plurality of triggering percentages, wherein the selecting of the potential access rule to be included in the operational set of access rules is further based on the triggering stability rating of the potential access rule; and
      
      determining a triggering variation of the plurality of triggering percentages, wherein the determining of the detection stability rating of the potential access rule is further based on the triggering variation.
  - 8. The method of claim 1, further comprising adjusting the validity information based on false positive percentages of the operational set of access rules.
  - 9. The method of claim 1, wherein the set of previous access requests includes at least one previous access requests that was received within a past week and at least one previous access request that was received more than eighteen months ago.
  - 10. The method of claim 1, further comprising:
    - including the candidate access rule in the operational set of access rules based on the detection stability rating of the candidate access rule compared to detection stability ratings of other access rules;
      
      loading the operational set of access rules into a system memory;
      
      receiving, over a network from a plurality of devices, a plurality of real-time access requests;
      
      accessing the system memory to obtain the operational set of access rules when one of the plurality of real-time access requests is received from a first device of the plurality of devices;
      
      using the operational set of access rules to determine an access request outcome for the one real-time access request; and
      
      providing access to the resource based on the access request outcome.

11. A computer system for securing access to a resource, the computer system comprising:
- a computer readable storage medium storing a plurality of instructions; and
  
  one or more processors for executing the instructions stored on the computer readable storage medium to;
  
  segment a set of previous access requests into a plurality of time-based subsets of access requests, each previous access request of the set including one or more parameters that involve one or more conditions of a potential access rule;
  
  determine a plurality of predictive percentages including a predictive percentage for each of the plurality of time-based subsets based on validity information corresponding to each previous access request of the time-based subsets, the validity information indicating whether each access request of the plurality of previous access requests is valid or invalid;
  
  determine a detection stability rating of the potential access rule by comparing the plurality of predictive percentages; and
  
  select the potential access rule to be a candidate access rule for use in an operational set of access rules based on the detection stability rating of the potential access rule compared to detection stability ratings of other access rules, wherein the candidate access rule is included in the operational set of access rules, the operational set of access rules is loaded into a system memory, and the operational set of access rules is used to determine an access request outcome for a real-time access request for the resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer system of claim 11, further comprising instructions to:
    - store reporting-delay information indicating percentages of access requests that are expected to have been reported as valid or invalid after certain amounts of time; and
      
      compensate the validity information based on the reporting-delay information, wherein the plurality of predictive percentages are based on the compensated validity information.
  - 13. The computer system of claim 12, wherein the reporting-delay information indicates a plurality of time periods and a corresponding plurality of reporting percentages, the reporting percentages indicating the percentages of access requests that are expected to have been reported within the corresponding time periods.
  - 14. The computer system of claim 13, wherein the validity information corresponding to a recent access request is compensated more than the validity information corresponding to a later access request.
  - 15. The computer system of claim 11, further comprising instructions to determine a detection variation of the plurality of predictive percentages, wherein the determining of the detection stability rating of the potential access rule is further based on a trend of the detection variation over time.
  - 16. The computer system of claim 11, wherein the segmenting of the set of previous access requests into a plurality of time-based subsets of access requests is based on a plurality of sliding time windows.
  - 17. The computer system of claim 11, further comprising instructions to:
    - determine a triggering percentage for each of the plurality of time-based subsets based on the validity information corresponding to each previous access request of the time-based subsets;
      
      determine a triggering stability rating of the potential access rule by comparing the plurality of triggering percentages, wherein the selection of the potential access rule to be included in the operational set of access rules is further based on the triggering stability rating of the potential access rule; and
      
      determine a triggering variation of the plurality of triggering percentages, wherein the determining of the detection stability rating of the potential access rule is further based on the triggering variation.
  - 18. The computer system of claim 11, further comprising instructions to adjust the validity information based on false positive percentages of the operational set of access rules.
  - 19. The computer system of claim 11, wherein the set of previous access requests includes at least one previous access requests that was received within a past week and at least one previous access request that was received more than eighteen months ago.
  - 20. The computer system of claim 11, further comprising instructions to:
    - include the candidate access rule in the operational set of access rules based on the detection stability rating of the candidate access rule compared to detection stability ratings of other access rules;
      
      load the operational set of access rules into a system memory;
      
      receive, over a network from a plurality of devices, a plurality of real-time access requests;
      
      access the system memory to obtain the operational set of access rules when one of the plurality of real-time access requests is received from a first device of the plurality of devices;
      
      use the operational set of access rules to determine an access request outcome for the one real-time access request; and
      
      provide access to a resource based on the access request outcome.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Zhou, Haochuan, Hu, Hung-Tzaw, Zhang, Rong, Boding, Benjamin Scott
Primary Examiner(s)
Dinh, Minh

Application Number

US16/134,875
Publication Number

US 20190089726A1
Time in Patent Office

385 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/3224   Transactions dependent on l...

G06Q 20/389   Keeping log of transactions...

G06Q 20/4015   using location information

H04L 63/0263   Rule management

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/205   involving negotiation or de...

Systems and methods for securing access to resources

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for securing access to resources

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links