Consolidated multi-factor risk analysis

US 10,609,037 B2
Filed: 03/28/2017
Issued: 03/31/2020
Est. Priority Date: 03/28/2017
Status: Active Grant

First Claim

Patent Images

1. A tangible, non-transitory, machine-readable medium storing instructions that, when executed by one or more processors, effectuate operations comprising:

receiving, with one or more processors, via a network, an authentication request sent by a first computing device associated with and in possession of a user to be authenticated;

determining, with one or more processors, a second computing device, different from the first computing device, associated with and in possession of the user based on a record created before receiving the authentication request;

sending, with one or more processors, via a network, instructions to the second computing device that cause the second computing device to effectuate operations comprising;

forming with the second computing device, or accessing in storage of the second computing device, an observed profile of the second computing device, wherein the observed profile is based on attributes of the second computing device, the attributes including;

attributes of physical hardware of the second computing device,attributes of software installed on the second computing device,attributes of firmware installed on the second computing device, orusage attributes of the second computing device, andsending, via a network, the observed profile in response to receiving the instructions;

receiving, with one or more processors, via a network, the observed profile;

accessing, with one or more processors, a known profile of the second computing device formed, at least in part, before receiving the authentication request, wherein the known profile is based on the attributes of the second computing device;

determining, with one or more processors, that the known profile corresponds to the observed profile based on correspondence between known and observed attributes of the second computing device;

sending, with one or more processors, an authentication credential to either the second computing device or the first computing device;

after sending the authentication credential, receiving, with one or more processors, the authentication credential from either the first computing device or the second computing device, wherein the authentication credential is received from a different computing device from the computing device to which the authentication credential was sent;

in response to receiving the authentication credential and the determination that the known profile corresponds to the observed profile, determining, with one or more processors, that the user is authenticated; and

sending, with one or more processors, via a network, a message indicating that the user is authenticated or granting access to resources in response to determining that the user is authenticated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a process of authenticating a user, the process including: receiving an authentication request sent by a first computing device; receiving an observed profile of the second computing device; accessing a known profile of the second computing device; determining that the known profile corresponds to the observed profile; sending an authentication credential to either the second computing device or the first computing device; receiving the authentication credential from either the first computing device or the second computing device; and in response to receiving the authentication credential and the determination that the known profile corresponds to the observed profile, determining that the user is authenticated.

15 Citations

View as Search Results

20 Claims

1. A tangible, non-transitory, machine-readable medium storing instructions that, when executed by one or more processors, effectuate operations comprising:
- receiving, with one or more processors, via a network, an authentication request sent by a first computing device associated with and in possession of a user to be authenticated;
  
  determining, with one or more processors, a second computing device, different from the first computing device, associated with and in possession of the user based on a record created before receiving the authentication request;
  
  sending, with one or more processors, via a network, instructions to the second computing device that cause the second computing device to effectuate operations comprising;
  
  forming with the second computing device, or accessing in storage of the second computing device, an observed profile of the second computing device, wherein the observed profile is based on attributes of the second computing device, the attributes including;
  
  attributes of physical hardware of the second computing device,attributes of software installed on the second computing device,attributes of firmware installed on the second computing device, orusage attributes of the second computing device, andsending, via a network, the observed profile in response to receiving the instructions;
  
  receiving, with one or more processors, via a network, the observed profile;
  
  accessing, with one or more processors, a known profile of the second computing device formed, at least in part, before receiving the authentication request, wherein the known profile is based on the attributes of the second computing device;
  
  determining, with one or more processors, that the known profile corresponds to the observed profile based on correspondence between known and observed attributes of the second computing device;
  
  sending, with one or more processors, an authentication credential to either the second computing device or the first computing device;
  
  after sending the authentication credential, receiving, with one or more processors, the authentication credential from either the first computing device or the second computing device, wherein the authentication credential is received from a different computing device from the computing device to which the authentication credential was sent;
  
  in response to receiving the authentication credential and the determination that the known profile corresponds to the observed profile, determining, with one or more processors, that the user is authenticated; and
  
  sending, with one or more processors, via a network, a message indicating that the user is authenticated or granting access to resources in response to determining that the user is authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The medium of claim 1, wherein the observed profile includes the attributes of physical hardware, the attributes of physical hardware including at least two of the following:
    - screen size;
      
      processor model;
      
      processor cache size;
      
      processor speed;
      
      memory size;
      
      device manufacturer;
      
      radio type;
      
      camera attributes;
      
      orinertial measurement unit attributes.
  - 3. The medium of claim 1, wherein the observed profile includes the attributes of software installed on the second computing device, the attributes of software including at least two of the following:
    - an installed application;
      
      a version of an installed application;
      
      configuration of an installed application;
      
      permissions settings for an installed transaction;
      
      storage file paths of an installed applications;
      
      operating system;
      
      operating system version;
      
      orconfiguration of an operating system.
  - 4. The medium of claim 1, wherein the observed profile includes the attributes of firmware installed on the second computing device, the attributes of firmware including at least two of the following:
    - firmware installed;
      
      a version of installed firmware;
      
      a register setting of installed firmware;
      
      an installation date of installed firmware;
      
      ora configuration of installed firmware.
  - 5. The medium of claim 1, wherein observed profile includes the usage attributes, the usage attributes including at least two of the following:
    - a cellular carrier;
      
      a wireless access point secure set identifier stored in memory;
      
      a beacon identifier received wirelessly by the second computing device;
      
      a current geolocation of the second computing device sensed by a geolocation sensor of the second computing device;
      
      a past geolocation of the second computing device sensed by a geolocation sensor of the second computing device and stored in memory of the second computing device;
      
      ora match between a public Internet Protocol address of the first computing device and the second computing device.
  - 6. The medium of claim 1, wherein determining that the known profile corresponds to the observed profile comprises:
    - determining a score based on both;
      
      whether each of a plurality of attributes of the second computing device match between the known profile and the observed profile, anda plurality of weightings associated with respective attributes; and
      
      determining whether that the score satisfies a threshold.
  - 7. The medium of claim 6, wherein:
    - the weights or the threshold are adjusted dynamically based on feedback indicative of false positives or false negatives in authentication determinations.
  - 8. The medium of claim 6, wherein:
    - the weights are determined by training a supervised learning model on a training set with false positives and false negatives in real or simulated authentication determinations.
  - 9. The medium of claim 1, wherein determining that the known profile corresponds to the observed profile comprises:
    - obtaining a plurality of rules, wherein;
      
      the rules are each based on one or more attributes of both the known profile and the observed profile, andat least some of the rules express necessary but not sufficient conditions for determining that the known profile corresponds to the observed profile;
      
      evaluating the rules with a rules engine to produce a plurality of evaluating results; and
      
      determining that the known profile corresponds to the observed profile based on the plurality of evaluation results.
  - 10. The medium of claim 9, wherein:
    - some of the rules are applied by the rules engine in response to evaluation results of a first rule, and wherein other rules are not applied by the rules engine in response to evaluation results of a second rule among the plurality of rules.
  - 11. The medium of claim 1, the operations further comprising:
    - receiving another authentication credential from the first computing device, wherein determining that the user is authenticated is based on both received authentication credentials.
  - 12. The medium of claim 1, wherein determining that the known profile corresponds to the observed profile comprises steps for determining that a known profile corresponds to an observed profile.
  - 13. The medium of claim 1, the operations comprising:
    - determining that the observed profile is different from the known profile and, in response, updating the known profile to more closely match the observed profile.
  - 14. The medium of claim 1, wherein:
    - determining that the known profile corresponds to the observed profile comprises determining that the known profile partially corresponds to the observed profile; and
      
      the message indicating that the user is authenticated is sent and indicates that the user is authenticated to access fewer resources than if the known profile more fully corresponded to the observed profile.
  - 15. The medium of claim 1, wherein:
    - both the observed profile and the known profile include at least twelve of the following;
      
      screen size;
      
      processor model;
      
      processor cache size;
      
      processor speed;
      
      memory size;
      
      device manufacturer;
      
      radio type;
      
      camera attributes;
      
      inertial measurement unit attributes;
      
      an installed application;
      
      a version of an installed application;
      
      configuration of an installed application;
      
      permissions settings for an installed transaction;
      
      storage file paths of an installed applications;
      
      operating system;
      
      operating system version;
      
      configuration of an operating system;
      
      firmware installed;
      
      a version of installed firmware;
      
      a register setting of installed firmware;
      
      an installation date of installed firmware;
      
      a configuration of installed firmware;
      
      a cellular carrier;
      
      a wireless access point secure set identifier stored in memory;
      
      a beacon identifier received wirelessly by the second computing device;
      
      a current geolocation of the second computing device sensed by a geolocation sensor of the second computing device;
      
      a past geolocation of the second computing device sensed by a geolocation sensor of the second computing device and stored in memory of the second computing device;
      
      an interaction pattern;
      
      ora match between a public Internet Protocol address of the first computing device and the second computing device;
      
      the observed profile is formed by the second computing device in response to the instructions being received in a push notification by an application executing on the second computing device as a background process;
      
      determining that the user is authenticated is based on a two-factor authentication protocol including as one of the two factors the authentication credential sent to the second computing device;
      
      the authentication credential is sent to the second computing device in response to the determination that the known profile matches the observed profile;
      
      the second computing device is a mobile computing device previously registered by the user as being associated with a user account of the user, the user account including a user identifier submitted with the authentication request or retrieved after receiving the authentication request;
      
      the first computing device executes a web browser that causes the authentication request to be sent; and
      
      determining that the known profile corresponds to the observed profile comprises determining that more than a threshold amount of attributes match, wherein the threshold is determined based on a risk score associated with the authentication request, the risk score being determined based on a profile of the user including data about previous computing sessions.
  - 16. The medium of claim 1, the operations further comprising:
    - providing access to an application in response to the message indicating that the user is authenticated; and
      
      providing services to the user via the first computing device with the application.

17. A method, comprising:
- receiving, via a network, an authentication request sent by a first computing device associated with and in possession of a user to be authenticated;
  
  determining a second computing device, different from the first computing device, associated with and in possession of the user based on a record created before receiving the authentication request;
  
  sending, via a network, instructions to the second computing device that cause the second computing device to effectuate operations comprising;
  
  forming with the second computing device, or accessing in storage of the second computing device, an observed profile of the second computing device, wherein the observed profile is based on attributes of the second computing device, the attributes including;
  
  attributes of physical hardware of the second computing device,attributes of software installed on the second computing device,attributes of firmware installed on the second computing device, orusage attributes of the second computing device, andsending, via a network, the observed profile in response to receiving the instructions;
  
  receiving, via a network, the observed profile;
  
  accessing a known profile of the second computing device formed, at least in part, before receiving the authentication request, wherein the known profile is based on the attributes of the second computing device;
  
  determining that the known profile corresponds to the observed profile based on correspondence between known and observed attributes of the second computing device;
  
  sending an authentication credential to either the second computing device or the first computing device;
  
  after sending the authentication credential, receiving the authentication credential from either the first computing device or the second computing device, wherein the authentication credential is received from a different computing device from the computing device to which the authentication credential was sent;
  
  in response to receiving the authentication credential and the determination that the known profile corresponds to the observed profile, determining that the user is authenticated; and
  
  sending, via a network, a message indicating that the user is authenticated or granting access to resources in response to determining that the user is authenticated.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein:
    - both the observed profile and the known profile include at least six of the following;
      
      screen size;
      
      processor model;
      
      processor cache size;
      
      processor speed;
      
      memory size;
      
      device manufacturer;
      
      radio type;
      
      camera attributes;
      
      inertial measurement unit attributes;
      
      an installed application;
      
      a version of an installed application;
      
      configuration of an installed application;
      
      permissions settings for an installed transaction;
      
      storage file paths of an installed applications;
      
      operating system;
      
      operating system version;
      
      configuration of an operating system;
      
      firmware installed;
      
      a version of installed firmware;
      
      a register setting of installed firmware;
      
      an installation date of installed firmware;
      
      a configuration of installed firmware;
      
      a cellular carrier;
      
      a wireless access point secure set identifier stored in memory;
      
      a beacon identifier received wirelessly by the second computing device;
      
      a current geolocation of the second computing device sensed by a geolocation sensor of the second computing device;
      
      a past geolocation of the second computing device sensed by a geolocation sensor of the second computing device and stored in memory of the second computing device;
      
      an interaction pattern;
      
      ora match between a public Internet Protocol address of the first computing device and the second computing device.
  - 19. The method of claim 17, wherein:
    - determining that the user is authenticated is based on a two-factor authentication protocol including as one of the two factors the authentication credential sent to the second computing device;
      
      the authentication credential is sent to the second computing device in response to the determination that the known profile matches the observed profile;
      
      the second computing device is a mobile computing device previously registered by the user as being associated with a user account of the user, the user account including a user identifier submitted with the authentication request or retrieved after receiving the authentication request; and
      
      the first computing device executes a web browser that causes the authentication request to be sent.
  - 20. The method of claim 17, wherein:
    - at least part of the observed profile is formed by the second computing device in response to the instructions being received in a push notification by an application executing on the second computing device as a background process;
      
      determining that the user is authenticated is based on a two-factor authentication protocol including as one of the two factors the authentication credential sent to the second computing device;
      
      the authentication credential is sent to the second computing device in response to the determination that the known profile matches the observed profile;
      
      the second computing device is a mobile computing device previously registered by the user as being associated with a user account of the user, the user account including a user identifier submitted with the authentication request or retrieved after receiving the authentication request;
      
      the first computing device executes a web browser that causes the authentication request to be sent; and
      
      determining that the known profile corresponds to the observed profile comprises determining that more than a threshold amount of attributes match, wherein the threshold is determined based on a risk score associated with the authentication request, the risk score being determined based on a profile of the user including data about previous computing sessions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Jackson, Jerry, Chell, Charley, Frantz, Jeff
Primary Examiner(s)
Pich, Ponnoreay

Application Number

US15/471,714
Publication Number

US 20180288060A1
Time in Patent Office

1,099 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/1408   by monitoring network traff...

H04W 12/30   Security of mobile devices;...

H04W 12/63   Location-dependent; Proximi...

Consolidated multi-factor risk analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Consolidated multi-factor risk analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links