Framework for authenticating new users

US 10,587,596 B1
Filed: 03/31/2016
Issued: 03/10/2020
Est. Priority Date: 03/31/2016
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a user to control access to an electronic resource, the method comprising:

receiving, by processing circuitry, a first set of authentication factors describing electronic activities being performed by a new user, the electronic activities described by the first set of authentication factors including at least one of (i) a server that the new user accesses, (ii) times at which the user accesses the server, and (iii) accessed applications;

based on the first set of authentication factors, classifying, by the processing circuitry, the new user as a member of a particular group of users that (i) have performed the electronic activities and (ii) share a set of attributes described by a second set of authentication factors;

after classifying the new user as a member of the particular group of users, receiving, by the processing circuitry, a request from the new user to access the electronic resource; and

in response to receiving the request, performing, by the processing circuitry, an authentication operation on the request based on the first set of authentication factors and the second set of authentication factors, the authentication operation producing an authentication result indicating whether to grant or deny the new user access to the electronic resource,wherein new sets of authentication factors are received at specified intervals, and wherein the method further comprises, after classifying the new user as a member of the particular group of users;

receiving a new set of authentication factors, the new set of authentication factors describing new electronic activities being performed by the new user;

for each of the multiple groups of users, generating a distance measure between a set of authentication factors describing the new set of electronic activities performed by the new user and the new set of authentication factors describing the new set of electronic activities performed by each member of that group of users; and

selecting a new group of users for which the distance measure is a minimum over the multiple groups of users.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques of authenticating a new user involve classifying a new user as a member of a group based on the new user'"'"'s current activity. Along these lines, when a new user enrolls in an authentication system, the authentication system places the new user in a group of new users that have not made any requests and are assumed to be high risks of making fraudulent requests. Once the new user makes a request to access a resource, the authentication system classifies the new user as a member of another group according to authentication factors describing activities surrounding the request.

30 Citations

View as Search Results

19 Claims

1. A method of authenticating a user to control access to an electronic resource, the method comprising:
- receiving, by processing circuitry, a first set of authentication factors describing electronic activities being performed by a new user, the electronic activities described by the first set of authentication factors including at least one of (i) a server that the new user accesses, (ii) times at which the user accesses the server, and (iii) accessed applications;
  
  based on the first set of authentication factors, classifying, by the processing circuitry, the new user as a member of a particular group of users that (i) have performed the electronic activities and (ii) share a set of attributes described by a second set of authentication factors;
  
  after classifying the new user as a member of the particular group of users, receiving, by the processing circuitry, a request from the new user to access the electronic resource; and
  
  in response to receiving the request, performing, by the processing circuitry, an authentication operation on the request based on the first set of authentication factors and the second set of authentication factors, the authentication operation producing an authentication result indicating whether to grant or deny the new user access to the electronic resource,wherein new sets of authentication factors are received at specified intervals, and wherein the method further comprises, after classifying the new user as a member of the particular group of users;
  
  receiving a new set of authentication factors, the new set of authentication factors describing new electronic activities being performed by the new user;
  
  for each of the multiple groups of users, generating a distance measure between a set of authentication factors describing the new set of electronic activities performed by the new user and the new set of authentication factors describing the new set of electronic activities performed by each member of that group of users; and
  
  selecting a new group of users for which the distance measure is a minimum over the multiple groups of users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as in claim 1, wherein the particular group of users is one group among multiple groups of users;
    - wherein classifying the new user as a member of the particular group of users includes;
      
      for each of the multiple groups of users, generating a distance measure between the first set of authentication factors describing the electronic activities performed by the new user and the first set of authentication factors describing electronic activities performed by each member of that group of users, the distance measure indicating a measure of closeness between the electronic activities performed by the new user and the electronic activities performed by each member of that group of users; and
      
      selecting, as the particular group of users, a group of users for which the distance measure is a minimum over the multiple groups of users.
  - 3. A method as in claim 2, wherein performing the authentication operation includes generating a risk score for the request from a risk model, the risk score being a number indicating a level of anomalous behavior from that expected of the new user, a large risk score indicating a high level of anomalous behavior, a small risk score indicating a low level of anomalous behavior, the risk model mapping each authentication factor of the first set of authentication factors and the second set of authentication factors to a respective weight, the weight indicating an importance of that authentication factor to the level of anomalous behavior of the new user.
  - 4. A method as in claim 3, wherein generating the distance measure includes, for each of the multiple groups of users:
    - for each of the first set of authentication factors, forming an absolute difference between that authentication factor describing a respective electronic activity performed by the new user and that authentication factor describing the respective electronic activity performed by each member of that group of users; and
      
      producing, as the distance measure, a sum of products of (i) the absolute distance for each of the first set of authentication factors and (ii) the respective weight to which the risk model maps that authentication factor.
  - 5. A method as in claim 3, wherein, prior to receiving the first set of authentication factors describing the electronic activities being performed by the new user, the method further comprises:
    - selecting the electronic activities from a plurality of electronic activities performed by a large group of users, each of the first set of authentication factors describing a respective selected electronic activity performed by a user of the large group of users;
      
      selecting the set of attributes from a plurality of attributes of the large group of users, each of the second set of authentication factors describing the an attribute of a user of the large group of users; and
      
      forming each of the multiple groups of users based on the first set of authentication factors and the second set of authentication factors.
  - 6. A method as in claim 1, wherein new sets of authentication factors are received periodically.
  - 7. A method as in claim 1, further comprising, prior to receiving the first set of authentication factors, classifying the new user as a member of a preliminary group based on a preliminary set of authentication factors describing a set of attributes shared by the new user and each member of the preliminary group.
  - 8. A method as in claim 1, further comprising:
    - based on the first set of authentication factors, creating a behavioral profile for the new user from which to make authentication decisions, the behavioral profile including multiple activity-based authentication factors as at least some of the second set of authentication factors, andupdating the multiple activity-based authentication factors of the second set of authentication factors with expected values based on subsequent activity of the new user.

9. A computer program product including a non-transitory, computer-readable storage medium which stores executable code, which when executed by a computer, causes the computer to perform a method of authenticating a user to control access to an electronic resource, the method comprising:
- receiving a first set of authentication factors describing electronic activities being performed by a new user;
  
  based on the first set of authentication factors, classifying the new user as a member of a particular group of users that (i) have performed the electronic activities and (ii) share a set of attributes described by a second set of authentication factors;
  
  after classifying the new user as a member of the particular group of users, receiving a request from the new user to access the electronic resource; and
  
  in response to receiving the request, performing an authentication operation on the request based on the first set of authentication factors and the second set of authentication factors, the authentication operation producing an authentication result indicating whether to grant or deny the new user access to the electronic resource,wherein new sets of authentication factors are received at specified intervals, andwherein the method further comprises, after classifying the new user as a member of the particular group of users;
  
  receiving a new set of authentication factors, the new set of authentication factors describing new electronic activities being performed by the new user;
  
  for each of the multiple groups of users, generating a distance measure between a set of authentication factors describing the new set of electronic activities performed by the new user and the new set of authentication factors describing the new set of electronic activities performed by each member of that group of users; and
  
  selecting a new group of users for which the distance measure is a minimum over the multiple groups of users.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. A computer program product as in claim 9, wherein the particular group of users is one group among multiple groups of users;
    - wherein classifying the new user as a member of the particular group of users includes;
      
      for each of the multiple groups of users, generating a distance measure between the first set of authentication factors describing the electronic activities performed by the new user and the first set of authentication factors describing electronic activities performed by each member of that group of users, the distance measure indicating a measure of closeness between the electronic activities performed by the new user and the electronic activities performed by each member of that group of users; and
      
      selecting, as the particular group of users, a group of users for which the distance measure is a minimum over the multiple groups of users.
  - 11. A computer program product as in claim 10, wherein performing the authentication operation includes generating a risk score for the request from a risk model, the risk score being a number indicating a level of anomalous behavior from that expected of the new user, a large risk score indicating a high level of anomalous behavior, a small risk score indicating a low level of anomalous behavior, the risk model mapping each authentication factor of the first set of authentication factors and the second set of authentication factors to a respective weight, the weight indicating an importance of that authentication factor to the level of anomalous behavior of the new user.
  - 12. A computer program product as in claim 11, wherein generating the distance measure includes, for each of the multiple groups of users:
    - for each of the first set of authentication factors, forming an absolute difference between that authentication factor describing a respective electronic activity performed by the new user and that authentication factor describing the respective electronic activity performed by each member of that group of users; and
      
      producing, as the distance measure, a sum of products of (i) the absolute distance for each of the first set of authentication factors and (ii) the respective weight to which the risk model maps that authentication factor.
  - 13. A computer program product as in claim 11, wherein, prior to receiving the first set of authentication factors describing the electronic activities being performed by the new user, the method further comprises:
    - selecting the electronic activities from a plurality of electronic activities performed by a large group of users, each of the first set of authentication factors describing a respective selected electronic activity performed by a user of the large group of users;
      
      selecting the set of attributes from a plurality of attributes of the large group of users, each of the second set of authentication factors describing the an attribute of a user of the large group of users; and
      
      forming each of the multiple groups of users based on the first set of authentication factors and the second set of authentication factors.
  - 14. A computer program product as in claim 9, wherein the changes to the risk model are received periodically.
  - 15. A computer program product as in claim 9, wherein the method further comprises, prior to receiving the first set of authentication factors, classifying the new user as a member of a preliminary group based on a preliminary set of authentication factors describing a set of attributes shared by the new user and each member of the preliminary group.

16. An electronic apparatus comprising memory and controlling circuitry coupled to the memory, the controlling circuitry being constructed and arranged to:
- receive a first set of authentication factors describing electronic activities being performed by a new user;
  
  based on the first set of authentication factors, classify the new user as a member of a particular group of users that (i) have performed the electronic activities and (ii) share a set of attributes described by a second set of authentication factors;
  
  after classifying the new user as a member of the particular group of users, receive a request from the new user to access the electronic resource; and
  
  in response to receiving the request, perform an authentication operation on the request based on the first set of authentication factors and the second set of authentication factors, the authentication operation producing an authentication result indicating whether to grant or deny the new user access to the electronic resource,wherein new sets of authentication factors are received at specified intervals, and wherein, after classifying the new user as a member of the particular group of users, the controlling circuitry is further constructed and arranged to;
  
  receive a new set of authentication factors, the new set of authentication factors describing new electronic activities being performed by the new user;
  
  for each of the multiple groups of users, generate a distance measure between a set of authentication factors describing the new set of electronic activities performed by the new user and the new set of authentication factors describing the new set of electronic activities performed by each member of that group of users; and
  
  select a new group of users for which the distance measure is a minimum over the multiple groups of users.
- View Dependent Claims (17, 18, 19)
- - 17. An electronic apparatus as in claim 16, wherein the particular group of users is one group among multiple groups of users;
    - wherein the controlling circuitry constructed and arranged to classify the new user as a member of the particular group of users is further constructed and arranged to;
      
      for each of the multiple groups of users, generate a distance measure between the first set of authentication factors describing the electronic activities performed by the new user and the first set of authentication factors describing electronic activities performed by each member of that group of users, the distance measure indicating a measure of closeness between the electronic activities performed by the new user and the electronic activities performed by each member of that group of users; and
      
      select, as the particular group of users, a group of users for which the distance measure is a minimum over the multiple groups of users.
  - 18. An electronic apparatus as in claim 17, wherein the controlling circuitry constructed and arranged to perform the authentication operation is further constructed and arranged to generate a risk score for the request from a risk model, the risk score being a number indicating a level of anomalous behavior from that expected of the new user, a large risk score indicating a high level of anomalous behavior, a small risk score indicating a low level of anomalous behavior, the risk model mapping each authentication factor of the first set of authentication factors and the second set of authentication factors to a respective weight, the weight indicating an importance of that authentication factor to the level of anomalous behavior of the new user.
  - 19. An electronic apparatus as in claim 18, wherein the controlling circuitry constructed and arranged to generate the distance measure is further constructed and arranged to, for each of the multiple groups of users:
    - for each of the first set of authentication factors, form an absolute difference between that authentication factor describing a respective electronic activity performed by the new user and that authentication factor describing the respective electronic activity performed by each member of that group of users; and
      
      produce, as the distance measure, a sum of products of (i) the absolute distance for each of the first set of authentication factors and (ii) the respective weight to which the risk model maps that authentication factor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Sahar, Carmit, Kolman, Eyal, Kaufman, Alon
Primary Examiner(s)
Lagor, Alexander
Assistant Examiner(s)
Sarker, Sanchit K

Application Number

US15/086,528
Time in Patent Office

1,440 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/104 Grouping of entities

Framework for authenticating new users

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Framework for authenticating new users

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links