Risk assessment of electronic communication using time zone data

US 10,536,466 B1
Filed: 04/26/2017
Issued: 01/14/2020
Est. Priority Date: 04/26/2017
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting, by a network interface device, one or more electronic communications from a telecommunications network and extracting an access request for protected data from the one or more electronic communications, the access request including an internet protocol address of a proxy device from which the one or more electronic communications are received;

extracting, by the network interface device, browser information from the one or more electronic communications in response to a command transmitted to the telecommunications network, the browser information being about a browser on a user device used by a user to initiate the access request and indicating a first time zone associated with the browser, the internet protocol address and the browser information being independent of data about the user and of data transmitted from the network interface device;

using the internet protocol address of the proxy device and stored data about internet protocol addresses to determine a second time zone for the proxy device; and

determining a risk level for the user device based on a comparison of the first time zone and the second time zone, a geolocation associated with the internet protocol address of the proxy device, and a potential location of the user device in the first time zone;

wherein the risk level corresponds to a level of authentication to require for the user device before allowing the protected data to be transmitted to the user device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network interface device can (i) detect electronic communications from a telecommunications network; (ii) extract an access request for protected data; and (iii) extract browser information about a browser on a user device used by a user to initiate the access request. The access request can include a network address of a device from which the electronic communications were transmitted. The browser information can indicate a time zone associated with the browser. The network address and the browser information can be independent of data about the user and of data transmitted from the network interface device. The network address and stored data about network addresses can be used to determine a time zone for the device. A result of comparing the time zones can be used to determine a level of authentication to require before allowing the protected data to be transmitted to the user device.

47 Citations

View as Search Results

20 Claims

1. A method comprising:
- detecting, by a network interface device, one or more electronic communications from a telecommunications network and extracting an access request for protected data from the one or more electronic communications, the access request including an internet protocol address of a proxy device from which the one or more electronic communications are received;
  
  extracting, by the network interface device, browser information from the one or more electronic communications in response to a command transmitted to the telecommunications network, the browser information being about a browser on a user device used by a user to initiate the access request and indicating a first time zone associated with the browser, the internet protocol address and the browser information being independent of data about the user and of data transmitted from the network interface device;
  
  using the internet protocol address of the proxy device and stored data about internet protocol addresses to determine a second time zone for the proxy device; and
  
  determining a risk level for the user device based on a comparison of the first time zone and the second time zone, a geolocation associated with the internet protocol address of the proxy device, and a potential location of the user device in the first time zone;
  
  wherein the risk level corresponds to a level of authentication to require for the user device before allowing the protected data to be transmitted to the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - requesting first-level authentication information from the user device in response to extracting the access request;
      
      receiving the first-level authentication information; and
      
      determining the risk level in response to receiving the first-level authentication information, wherein determining the risk level further comprises;
      
      determining an increased risk level for the user device based on the comparison; and
      
      requesting further-level authentication information from the user device before allowing the protected data to be transmitted to the user device.
  - 3. The method of claim 1, wherein using the internet protocol address of the proxy device and stored data about internet protocol addresses to determine the second time zone for the proxy device comprises:
    - determining a portion of the internet protocol address;
      
      querying a database for the second time zone by transmitting the portion of the internet protocol address to the database, the database storing a plurality of portions of internet protocol addresses, each portion in the plurality of portions of internet protocol addresses being linked to one geolocation of a plurality of geolocations and each geolocation of the plurality of geolocations being associated with one time zone of a plurality of time zones; and
      
      receiving the second time zone from the database in response to querying the database.
  - 4. The method of claim 3, further comprising receiving the geolocation associated with the internet protocol address from the database in response to querying the database.
  - 5. The method of claim 1, wherein extracting the browser information from the one or more electronic communications further comprises:
    - transmitting the command to the user device via the telecommunications network, the command including a request for the browser information, the browser information including a local time of a geolocation of the user device according to the browser; and
      
      determining the first time zone of the user device based on the local time.
  - 6. The method of claim 1, further comprising:
    - requesting, by the network interface device, higher-level authentication from the user device based on the risk level;
      
      receiving, by the network interface device, higher-level authentication data authenticating the user device; and
      
      authorizing, by the network interface device and in response to receiving the higher-level authentication data, the access request for protected data to be communicated to the user device.
  - 7. The method of claim 1, wherein the proxy device is the user device, and wherein determining the risk level comprises:
    - determining that the first time zone is the same as the second time zone; and
      
      determining a reduced risk level for the user device and bypassing a requirement for additional authentication from the user device before allowing the protected data to be transmitted to the user device.

8. A system comprising:
- a network interface device;
  
  a processing device communicatively coupleable to the network interface device; and
  
  a memory device on which instructions are stored for causing the processing device to;
  
  receive one or more electronic communications from a telecommunications network;
  
  extract an access request for protected data from the one or more electronic communications, the access request including an internet protocol address of a proxy device from which the one or more electronic communications are received; and
  
  extract browser information from the one or more electronic communications in response to a command transmitted to the telecommunications network, the browser information being about a browser on a user device used by a user to initiate the access request and indicating a first time zone associated with the browser, the internet protocol address and the browser information being independent of data about the user and data transmitted from the network interface device;
  
  use the internet protocol address of the proxy device and stored data about internet protocol addresses to determine a second time zone for the proxy device; and
  
  determine a risk level for the user device based on a comparison of the first time zone and the second time zone, a geolocation associated with the internet protocol address of the proxy device, and a potential location of the user device in the first time zone;
  
  wherein the risk level corresponds to a level of authentication to require from the user device before allowing the protected data to be transmitted to the user device.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein the network interface device is communicatively coupleable to an internal subsystem that stores the protected data,wherein the memory device further comprises instructions that are executable by the processing device for causing the processing device to:
    - request first-level authentication information from the user device in response to extracting the access request;
      
      receive the first-level authentication information; and
      
      determine the risk level in response to receiving the first-level authentication information, wherein determining the risk level and further comprises causing the processing device to;
      
      determine an increased risk level for the user device based on the comparison; and
      
      request further-level authentication information from the user device for authenticating the user device to allow the user device to communicate with the internal subsystem.
  - 10. The system of claim 8, wherein the instructions for causing the processing device to use the internet protocol address of the proxy device and stored data about internet protocol addresses to determine the second time zone for the proxy device comprise causing the processing device to:
    - determine a portion of the internet protocol address;
      
      query a database for the second time zone by transmitting the portion of the internet protocol address to the database, the database storing a plurality of portions of internet protocol addresses, each portion in the plurality of portions of internet protocol addresses being linked to one geolocation of a plurality of geolocations and each geolocation of the plurality of geolocations being associated with one time zone of a plurality of time zones; and
      
      receive the second time zone from the database in response to querying the database.
  - 11. The system of claim 10, wherein the instructions for causing the processing device to receive the geolocation associated with the internet protocol address from the database in response to querying the database.
  - 12. The system of claim 8, wherein the instructions for causing the processing device to extract the browser information from the one or more electronic communications further comprises causing the processing device to:
    - transmit the command to the user device via the telecommunications network, the command including a request for the browser information, the browser information including a local time of a geolocation of the user device according to the browser; and
      
      determine the first time zone of the user device based on the local time.
  - 13. The system of claim 8, wherein the proxy device is the user device, and wherein determining the risk level comprises causing the processing device to:
    - determine that the first time zone is the same as the second time zone; and
      
      determine a reduced risk level for the user device and bypassing a requirement for additional authentication from the user device before allowing the protected data to be transmitted to the user device.

14. A non-transitory computer-readable medium in which instructions are stored, the instructions being executable by a processing device for causing the processing device to:
- receive an access request for protected data from a network interface device communicatively coupleable to a telecommunications network for detecting one or more electronic communications and extracting the access requests from the one or more electronic communications, the access request including an internet protocol address of a proxy device from which the electronic communication is received by the network interface device;
  
  receive information from the network interface device, the information extracted from the one or more electronic communications in response to a command transmitted to the telecommunications network, the information indicating a first time zone associated with a user device used by a user to initiate the access request, the internet protocol address and the information being independent of data about the user and of data transmitted from the network interface device;
  
  using the internet protocol address of the proxy device and stored data about internet protocol addresses to determine a second time zone for the proxy device;
  
  determine a risk level for the user device based on a comparison between the first time zone and the second time zone, a geolocation associated with the internet protocol address of the proxy device, and a potential location of the user device in the first time zone; and
  
  wherein the risk level corresponds to a level of authentication to require for the user device before allowing the protected data to be transmitted to the user device.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable medium of claim 14, wherein the instructions are further executable for causing the processing device to:
    - request first-level authentication information from the user device in response to receiving the access request;
      
      receive the first-level authentication information;
      
      determine the risk level in response to receiving the first-level authentication information, wherein determining the risk level further comprises causing the processing device to;
      
      determine an increased risk level for the user device based on the comparison; and
      
      request further-level authentication information from the user device before allowing the protected data to be transmitted to the user device.
  - 16. The non-transitory computer-readable medium of claim 14, wherein the instructions for causing the processing device to use the internet protocol address of the proxy device and stored data about internet protocol addresses to determine the second time zone for the proxy device comprise causing the processing device to:
    - determine a portion of the internet protocol address;
      
      query a database for the second time zone by transmitting the portion of the internet protocol address to the database, the database storing a plurality of portions of internet protocol addresses, each portion in the plurality of portions of internet protocol addresses being linked to one geolocation of a plurality of geolocations and each geolocation of the plurality of geolocations being associated with one time zone of a plurality of time zones; and
      
      receive the second time zone from the database in response to querying the database.
  - 17. The non-transitory computer-readable medium of claim 14,wherein the information is browser information, and wherein the instructions for causing the processing device to receive the information from the network interface device further comprises causing the processing device to:
    - transmit the command to the user device via the telecommunications network, the command including a request for the browser information, the browser information including a local time of a geolocation of the user device according to a browser of the user device; and
      
      determine the first time zone of the user device based on the local time.
  - 18. The non-transitory computer-readable medium of claim 14, wherein the instructions are further executable for causing the processing device to:
    - request higher-level authentication from the user device based on the risk level;
      
      receive higher-level authentication data authenticating the user device; and
      
      authorize the access request for protected data to be communicated to the user device in response to receiving the higher-level authentication data.
  - 19. The non-transitory computer-readable medium of claim 14, wherein the proxy device is the user device, and wherein the instructions for causing the processing device to determine the risk level comprises causing the processing device to:
    - determine that the first time zone is the same as the second time zone; and
      
      determine a reduced risk level for the user and bypassing a requirement for additional authentication from the user device before allowing the protected data to be transmitted to the user device.
  - 20. The non-transitory computer-readable medium of claim 14, wherein the proxy device is different from the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Truist Bank (Private Banking) (Truist Financial Corp.)
Original Assignee
Branch Banking & Trust Company (Truist Financial Corp.)
Inventors
Griffin, Jeffrey Jason
Primary Examiner(s)
Avery, Jeremiah L

Application Number

US15/498,171
Time in Patent Office

993 Days
Field of Search

726 7
US Class Current
CPC Class Codes

G06F 16/29   Geographical information da...

G06F 16/951   Indexing; Web crawling tech...

H04L 2463/082   applying multi-factor authe...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/04   for providing a confidentia...

H04L 63/0407   wherein the identity of one...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/1433   Vulnerability analysis

Risk assessment of electronic communication using time zone data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Risk assessment of electronic communication using time zone data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links