Machine learning system for computing asset access

US 10,606,990 B2
Filed: 07/06/2017
Issued: 03/31/2020
Est. Priority Date: 07/06/2017
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

accessing access data for a first user of a plurality of users, the access data for the first user indicating an access history by the first user to one or more of a plurality of available computing assets;

analyzing, by a machine learning algorithm executing on one or more hardware processors, the access data of the first user to generate a set of access characteristics for the first user, the expected access characteristics for the first user identifying one or more expected characteristics when the first user accesses data;

receiving an indication of a current access attempt for a first available computing asset, the current access attempt using an identity of the first user of the plurality of users;

comparing at least one access characteristic associated with the current access attempt to the set of access characteristics for the first user, yielding a first comparison;

determining a security level associated with the first available computing asset; and

selecting, based on the first comparison and the level of security associated with the first available computing asset, a first authentication process from a plurality of authentication processes for presentation to the first user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various example embodiments, a method for controlling computing asset access using machine learning is presented. In an example embodiment, access data for each user of a plurality of users are accessed, wherein the access data for a user indicate an access history by that user to one or more available assets. Using a machine learning algorithm, the access data of each user are analyzed to generate a characteristic associated with the access data of each user. An indication of a current access attempt of one of the assets is received using an identity of a first user. A characteristic associated with the current access attempt is compared to the characteristic associated with the access data of the first user. Based on the comparison, an authentication process is selected for presentation to the first user for the current access attempt.

52 Citations

View as Search Results

21 Claims

1. A method comprising:
- accessing access data for a first user of a plurality of users, the access data for the first user indicating an access history by the first user to one or more of a plurality of available computing assets;
  
  analyzing, by a machine learning algorithm executing on one or more hardware processors, the access data of the first user to generate a set of access characteristics for the first user, the expected access characteristics for the first user identifying one or more expected characteristics when the first user accesses data;
  
  receiving an indication of a current access attempt for a first available computing asset, the current access attempt using an identity of the first user of the plurality of users;
  
  comparing at least one access characteristic associated with the current access attempt to the set of access characteristics for the first user, yielding a first comparison;
  
  determining a security level associated with the first available computing asset; and
  
  selecting, based on the first comparison and the level of security associated with the first available computing asset, a first authentication process from a plurality of authentication processes for presentation to the first user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the selecting the first authentication process is further based on a requested privilege level associated with the current access attempt.
  - 3. The method of claim 1, further comprising:
    - accessing identification data for the first user, the identification data describing an operational role assigned to the first user within an organization, wherein the analyzing of the access data of the first user is based on the operational role assigned to the first user.
  - 4. The method of claim 1, wherein analyzing the access data of the first user comprises:
    - identifying similarities between the access data of the first user and the access data of a second user of the plurality of users.
  - 5. The method of claim 4, wherein the access data of the first user comprises a first network graph, the access data of the second user comprises a second network graph, and the method further comprises:
    - generating a correlation metric relating the first network graph to the second network graph, wherein the identifying of similarities between the access data of the first user and the access data of the second user is based on the correlation metric.
  - 6. The method of claim 1, wherein the selecting the first authentication process is based on the at least one characteristic associated with the current access attempt being anomalous to the at least one characteristic from the set of access characteristics for the first user.
  - 7. The method of claim 1, further comprising:
    - receiving an indication of a subsequent access attempt for a second available computing asset, the subsequent access attempt using the identity of the first user;
      
      comparing at least one access characteristic associated with the subsequent access attempt to the set of access characteristics for the first user, yielding a second comparison, wherein the at least one access characteristic associated with the subsequent access attempt is within a threshold similarity to the at least one access characteristic associated with the current access attempt;
      
      determining a security level associated with the second available computing asset, the security level associated with the second available computing asset being higher than the security level associated with the first available computing asset; and
      
      selecting, based on the second comparison and the level of security associated with the second available computing asset, a second authentication process from the plurality of authentication processes for presentation to the first user, the second authentication process requiring one piece of information not required in the first authentication process.
  - 8. The method of claim 1, further comprising:
    - generating, based on the at least one access characteristic associated with the current access attempt, a risk reduction recommendation indicating at least one action operable by the user to reduce risk in relation to access attempts; and
      
      transmitting the risk reduction recommendation to the first user.
  - 9. The method of claim 1, further comprising:
    - receiving a support request using the identity of the first user, the support request regarding a particular issue experienced by the first user;
      
      determining, based on the set of access characteristics of the first user, a computing asset related to the particular issue.
  - 10. The method of claim 9, further comprising:
    - determining, based on the computing asset, sets of access characteristics of other users that accessed the computing asset; and
      
      determining, based on the sets of access characteristics of the other users that accessed the computing asset, a previously identified issue associated with the first asset.

11. A system comprising:
- one or more computer processors; and
  
  one or more computer-readable mediums storing instructions that, when executed by the one or more computer processors, cause the system to perform operations comprising;
  
  accessing access data for a first user of a plurality of users, the access data for the first user indicating an access history by the first user to one or more of a plurality of available computing assets;
  
  analyzing, by a machine learning algorithm executing on one or more hardware processors, the access data of the first user to generate a set of access characteristics for the first user, the expected access characteristics for the first user identifying one or more expected characteristics when the first user accesses data;
  
  receiving an indication of a current access attempt for a first available computing asset, the current access attempt using an identity of the first user of the plurality of users;
  
  comparing at least one access characteristic associated with the current access attempt to the set of access characteristics for the first user, yielding a first comparison;
  
  determining a security level associated with the first available computing asset; and
  
  selecting, based on the first comparison and the level of security associated with the first available computing asset, a first authentication process from a plurality of authentication processes for presentation to the first user.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the selecting the first authentication process is further based on a requested privilege level associated with the current access attempt.
  - 13. The system of claim 11, the operations further comprising:
    - accessing identification data for the first user, the identification data describing an operational role assigned to the first user within an organization, wherein the analyzing of the access data of the first user is based on the operational role assigned to the first user.
  - 14. The system of claim 11, wherein analyzing the access data of the first user comprises:
    - identifying similarities between the access data of the first user and the access data of a second user of the plurality of users.
  - 15. The system of claim 14, wherein the access data of the first user comprises a first network graph, the access data of the second user comprises a second network graph, and the method further comprises:
    - generating a correlation metric relating the first network graph to the second network graph, wherein the identifying of similarities between the access data of the first user and the access data of the second user is based on the correlation metric.
  - 16. The system of claim 11, wherein the selecting the first authentication process is based on the at least one characteristic associated with the current access attempt being anomalous to the at least one characteristic from the set of access characteristics for the first user.
  - 17. The system of claim 11, the operations further comprising:
    - receiving an indication of a subsequent access attempt for a second available computing asset, the subsequent access attempt using the identity of the first user;
      
      comparing at least one access characteristic associated with the subsequent access attempt to the set of access characteristics for the first user, yielding a second comparison, wherein the at least one access characteristic associated with the subsequent access attempt is within a threshold similarity to the at least one access characteristic associated with the current access attempt;
      
      determining a security level associated with the second available computing asset, the security level associated with the second available computing asset being higher than the security level associated with the first available computing asset; and
      
      selecting, based on the second comparison and the level of security associated with the second available computing asset, a second authentication process from the plurality of authentication processes for presentation to the first user, the second authentication process requiring one piece of information not required in the first authentication process.
  - 18. The system of claim 11, the operations further comprising:
    - receiving a support request using the identity of the first user, the support request regarding a particular issue experienced by the first user;
      
      determining, based on the set of access characteristics of the first user, a computing asset related to the particular issue.
  - 19. The system of claim 18, the operations further comprising:
    - determining, based on the computing asset, sets of access characteristics of other users that accessed the computing asset; and
      
      determining, based on the sets of access characteristics of the other users that accessed the computing asset, a previously identified issue associated with the first asset.

20. A non-transitory computer-readable medium storing instructions that, when executed by one or more computer processors of one or more computing devices, cause the one or more computing devices to perform operations comprising:
- accessing access data for a first user of a plurality of users, the access data for the first user indicating an access history by the first user to one or more of a plurality of available computing assets;
  
  analyzing, by a machine learning algorithm executing on one or more hardware processors, the access data of the first user to generate a set of access characteristics for the first user, the expected access characteristics for the first user identifying one or more expected characteristics when the first user accesses data;
  
  receiving an indication of a current access attempt for a first available computing asset, the current access attempt using an identity of the first user of the plurality of users;
  
  comparing at least one access characteristic associated with the current access attempt to the set of access characteristics for the first user, yielding a first comparison;
  
  determining a security level associated with the first available computing asset; and
  
  selecting, based on the first comparison and the level of security associated with the first available computing asset, a first authentication process from a plurality of authentication processes for presentation to the first user.
- View Dependent Claims (21)
- - 21. The non-transitory computer-readable medium of claim 20, the operations further comprising:
    - receiving an indication of a subsequent access attempt for a second available computing asset, the subsequent access attempt using the identity of the first user;
      
      comparing at least one access characteristic associated with the subsequent access attempt to the set of access characteristics for the first user, yielding a second comparison, wherein the at least one access characteristic associated with the subsequent access attempt is within a threshold similarity to the at least one access characteristic associated with the current access attempt;
      
      determining a security level associated with the second available computing asset, the security level associated with the second available computing asset being higher than the security level associated with the first available computing asset; and
      
      selecting, based on the second comparison and the level of security associated with the second available computing asset, a second authentication process from the plurality of authentication processes for presentation to the first user, the second authentication process requiring one piece of information not required in the first authentication process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
eBay Inc.
Inventors
Tuli, Vikram, Morales, Daniel
Primary Examiner(s)
Feild, Lynn D
Assistant Examiner(s)
Lakhia, Viral S

Application Number

US15/642,980
Publication Number

US 20190012441A1
Time in Patent Office

999 Days
Field of Search

713150-155, 726 2- 5
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2141   Access rights, e.g. capabil...

G06N 3/02   Neural networks

G06N 3/08   Learning methods

G06N 5/022   Knowledge engineering; Know...

Machine learning system for computing asset access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Machine learning system for computing asset access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links