Framework for authenticating new users
First Claim
Patent Images
1. A method of authenticating a user to control access to an electronic resource, the method comprising:
- receiving, by processing circuitry, a first set of authentication factors describing electronic activities being performed by a new user, the electronic activities described by the first set of authentication factors including at least one of (i) a server that the new user accesses, (ii) times at which the user accesses the server, and (iii) accessed applications;
based on the first set of authentication factors, classifying, by the processing circuitry, the new user as a member of a particular group of users that (i) have performed the electronic activities and (ii) share a set of attributes described by a second set of authentication factors;
after classifying the new user as a member of the particular group of users, receiving, by the processing circuitry, a request from the new user to access the electronic resource; and
in response to receiving the request, performing, by the processing circuitry, an authentication operation on the request based on the first set of authentication factors and the second set of authentication factors, the authentication operation producing an authentication result indicating whether to grant or deny the new user access to the electronic resource,wherein new sets of authentication factors are received at specified intervals, and wherein the method further comprises, after classifying the new user as a member of the particular group of users;
receiving a new set of authentication factors, the new set of authentication factors describing new electronic activities being performed by the new user;
for each of the multiple groups of users, generating a distance measure between a set of authentication factors describing the new set of electronic activities performed by the new user and the new set of authentication factors describing the new set of electronic activities performed by each member of that group of users; and
selecting a new group of users for which the distance measure is a minimum over the multiple groups of users.
4 Assignments
0 Petitions
Accused Products
Abstract
Techniques of authenticating a new user involve classifying a new user as a member of a group based on the new user'"'"'s current activity. Along these lines, when a new user enrolls in an authentication system, the authentication system places the new user in a group of new users that have not made any requests and are assumed to be high risks of making fraudulent requests. Once the new user makes a request to access a resource, the authentication system classifies the new user as a member of another group according to authentication factors describing activities surrounding the request.
30 Citations
19 Claims
-
1. A method of authenticating a user to control access to an electronic resource, the method comprising:
-
receiving, by processing circuitry, a first set of authentication factors describing electronic activities being performed by a new user, the electronic activities described by the first set of authentication factors including at least one of (i) a server that the new user accesses, (ii) times at which the user accesses the server, and (iii) accessed applications; based on the first set of authentication factors, classifying, by the processing circuitry, the new user as a member of a particular group of users that (i) have performed the electronic activities and (ii) share a set of attributes described by a second set of authentication factors; after classifying the new user as a member of the particular group of users, receiving, by the processing circuitry, a request from the new user to access the electronic resource; and in response to receiving the request, performing, by the processing circuitry, an authentication operation on the request based on the first set of authentication factors and the second set of authentication factors, the authentication operation producing an authentication result indicating whether to grant or deny the new user access to the electronic resource, wherein new sets of authentication factors are received at specified intervals, and wherein the method further comprises, after classifying the new user as a member of the particular group of users; receiving a new set of authentication factors, the new set of authentication factors describing new electronic activities being performed by the new user; for each of the multiple groups of users, generating a distance measure between a set of authentication factors describing the new set of electronic activities performed by the new user and the new set of authentication factors describing the new set of electronic activities performed by each member of that group of users; and selecting a new group of users for which the distance measure is a minimum over the multiple groups of users. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer program product including a non-transitory, computer-readable storage medium which stores executable code, which when executed by a computer, causes the computer to perform a method of authenticating a user to control access to an electronic resource, the method comprising:
-
receiving a first set of authentication factors describing electronic activities being performed by a new user; based on the first set of authentication factors, classifying the new user as a member of a particular group of users that (i) have performed the electronic activities and (ii) share a set of attributes described by a second set of authentication factors; after classifying the new user as a member of the particular group of users, receiving a request from the new user to access the electronic resource; and in response to receiving the request, performing an authentication operation on the request based on the first set of authentication factors and the second set of authentication factors, the authentication operation producing an authentication result indicating whether to grant or deny the new user access to the electronic resource, wherein new sets of authentication factors are received at specified intervals, and wherein the method further comprises, after classifying the new user as a member of the particular group of users; receiving a new set of authentication factors, the new set of authentication factors describing new electronic activities being performed by the new user; for each of the multiple groups of users, generating a distance measure between a set of authentication factors describing the new set of electronic activities performed by the new user and the new set of authentication factors describing the new set of electronic activities performed by each member of that group of users; and selecting a new group of users for which the distance measure is a minimum over the multiple groups of users. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. An electronic apparatus comprising memory and controlling circuitry coupled to the memory, the controlling circuitry being constructed and arranged to:
-
receive a first set of authentication factors describing electronic activities being performed by a new user; based on the first set of authentication factors, classify the new user as a member of a particular group of users that (i) have performed the electronic activities and (ii) share a set of attributes described by a second set of authentication factors; after classifying the new user as a member of the particular group of users, receive a request from the new user to access the electronic resource; and in response to receiving the request, perform an authentication operation on the request based on the first set of authentication factors and the second set of authentication factors, the authentication operation producing an authentication result indicating whether to grant or deny the new user access to the electronic resource, wherein new sets of authentication factors are received at specified intervals, and wherein, after classifying the new user as a member of the particular group of users, the controlling circuitry is further constructed and arranged to; receive a new set of authentication factors, the new set of authentication factors describing new electronic activities being performed by the new user; for each of the multiple groups of users, generate a distance measure between a set of authentication factors describing the new set of electronic activities performed by the new user and the new set of authentication factors describing the new set of electronic activities performed by each member of that group of users; and select a new group of users for which the distance measure is a minimum over the multiple groups of users. - View Dependent Claims (17, 18, 19)
-
Specification