Systems and methods for automatically performing secondary authentication of primary authentication credentials
First Claim
1. A system comprising:
- one or more processors; and
memory storing instructions, that when executed by the one or more processors, cause the system to;
receive, from a user device, first behavioral biometric data indicative of a first current entry of primary authentication credentials on the user device, the primary authentication credentials being a username and password and the first behavioral biometric data comprising current typing time data indicative of a period of time taken for input of the first current entry of the primary authentication credentials into the user device;
compare the received first behavioral biometric data to a first user model, the first user model comprising first model time data, the first model time data being associated with the user device and a first credential entry method on the user device and being based at least in part on stored behavioral biometric data personalized to a user of the user device;
responsive to determining, based on the comparison, that a level of similarity between the received first behavioral biometric data and the stored behavioral biometric data of the first user model is at or above a first predetermined threshold corresponding to secondary authentication of entries of primary authentication credentials, determine that the first current entry of primary authentication credentials meets a secondary authentication requirement;
responsive to determining that the level of similarity is below the first predetermined threshold, initiate a secondary authentication method with the user of the user device;
responsive to (i) the secondary authentication method being validated and (ii) determining that the level of similarity is below a second predetermined threshold that is less than the first predetermined threshold and indicates that the primary authentication credentials were entered via a second credential entry method different from the first credential entry method, associate the received first behavioral biometric data with a second user model associated with the second credential entry method, wherein one of the first and second credential entry methods is a manual credential entry method and the other of the first and second credential entry methods is an automatic entry method utilizing a password manager service;
associate the first user model and the second user model with the user device;
subsequent to receiving the first current entry of the primary authentication credentials, receive second behavioral biometric data indicative of a second current entry of the primary authentication credentials;
determine a first level of similarity based on a comparison of the received second behavioral biometric data to the first user model and a second level of similarity based on a comparison of the received second behavioral biometric data to the second user model; and
responsive to determining that the first and second levels of similarity are both below the second predetermined threshold, associate the received second behavioral biometric data with a third user model, the third user model being associated with a third credential entry method.
1 Assignment
0 Petitions
Accused Products
Abstract
The disclosed technology includes systems and methods for determining secondary authentication of a user'"'"'s log-in attempts by comparing received behavioral biometric data and/or received scenario-specific data to saved behavioral biometric data and/or saved scenario-specific data, respectively. Responsive to determining that the received behavioral biometric data and/or received scenario-specific data is above a predetermined threshold of similarity with respect to the saved behavioral biometric data and/or saved scenario-specific data, respectively, the systems and methods can determine that the corresponding log-in attempt is secondarily authenticated. of a user device via behavioral biometric data. Responsive to determining that the level of similarity is not above the predetermined threshold, the systems and methods can initiate a secondary authentication method and can associate the received behavioral biometric data with a second user model.
-
Citations
20 Claims
-
1. A system comprising:
-
one or more processors; and memory storing instructions, that when executed by the one or more processors, cause the system to; receive, from a user device, first behavioral biometric data indicative of a first current entry of primary authentication credentials on the user device, the primary authentication credentials being a username and password and the first behavioral biometric data comprising current typing time data indicative of a period of time taken for input of the first current entry of the primary authentication credentials into the user device; compare the received first behavioral biometric data to a first user model, the first user model comprising first model time data, the first model time data being associated with the user device and a first credential entry method on the user device and being based at least in part on stored behavioral biometric data personalized to a user of the user device; responsive to determining, based on the comparison, that a level of similarity between the received first behavioral biometric data and the stored behavioral biometric data of the first user model is at or above a first predetermined threshold corresponding to secondary authentication of entries of primary authentication credentials, determine that the first current entry of primary authentication credentials meets a secondary authentication requirement; responsive to determining that the level of similarity is below the first predetermined threshold, initiate a secondary authentication method with the user of the user device; responsive to (i) the secondary authentication method being validated and (ii) determining that the level of similarity is below a second predetermined threshold that is less than the first predetermined threshold and indicates that the primary authentication credentials were entered via a second credential entry method different from the first credential entry method, associate the received first behavioral biometric data with a second user model associated with the second credential entry method, wherein one of the first and second credential entry methods is a manual credential entry method and the other of the first and second credential entry methods is an automatic entry method utilizing a password manager service; associate the first user model and the second user model with the user device; subsequent to receiving the first current entry of the primary authentication credentials, receive second behavioral biometric data indicative of a second current entry of the primary authentication credentials; determine a first level of similarity based on a comparison of the received second behavioral biometric data to the first user model and a second level of similarity based on a comparison of the received second behavioral biometric data to the second user model; and responsive to determining that the first and second levels of similarity are both below the second predetermined threshold, associate the received second behavioral biometric data with a third user model, the third user model being associated with a third credential entry method. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An authentication device comprising:
-
one or more processors; and memory storing instructions, that when executed by the one or more processors, cause the authentication device to; receive, from a user device, baseline behavioral biometric data corresponding to a baseline login attempt comprising entry of primary authentication credentials; generate a first user model based at least in part on the baseline biometric data, the first user model being associated with a first credential entry method; receive, from the user device, first scenario data corresponding to a first current login attempt; determine, based on a comparison of the first scenario data to the first user model, a level of similarity between the first scenario data and the first user model; responsive to determining that the level of similarity is above a first predetermined threshold corresponding to secondary authentication of login attempts, (i) determine that the first current login attempt is secondarily authorized and (ii) update the first user model to include at least a portion of the first scenario data; and responsive to determining that the level of similarity is below a second predetermined threshold, wherein the second predetermined threshold is different from the first predetermined threshold and wherein the level of similarity being below the second threshold indicates that the primary authentication credentials were entered via a second credential entry method different from the first credential entry method; initiate a secondary authentication method; and in response to the secondary authentication method being validated, associate the first scenario data with a second user model associated with the second credential entry method, wherein one of the first and second credential entry methods is a manual credential entry method and the other of the first and second credential entry methods is an automatic entry method utilizing a password manager service; associate the first user model and the second user model with the user device; subsequent to receiving the first scenario data, receive second scenario data indicative of a second current entry of the authentication credentials; determine a first level of similarity based on a comparison of the second scenario data to the first user model and a second level of similarity based on a comparison of the second scenario data to the second user model; and responsive to determining that the first and second levels of similarity are both below the second predetermined threshold, associate the second scenario data with a third user model, the third user model being associated with a third credential entry method. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method comprising:
-
receiving first behavioral biometric data indicative of a first current entry of primary authentication credentials on a user device, the primary authentication credentials being a username and password and the first behavioral biometric data comprising current typing time data indicative of a period of time taken for input of the first current entry of the primary authentication credentials into the user device; comparing the received first behavioral biometric data to a first user model, the first user model comprising first model time data, the first model time data being associated with the user device and a first credential entry method on the user device and being based at least in part on stored behavioral biometric data personalized to a user of the user device; responsive to determining, based on the comparing, that a level of similarity between the received first behavioral biometric data and the stored behavioral biometric data of the first user model is at or above a first predetermined threshold corresponding to secondary authentication of entries of primary authentication credentials, determining that the first current entry of primary authentication credentials meets a secondary authentication requirement; responsive to determining that the level of similarity is below the first predetermined threshold, initiating a secondary authentication method with the user of the user device; responsive to (i) the secondary authentication method being validated and (ii) determining that the level of similarity is below a second predetermined threshold that is less than the first predetermined threshold and indicates that the primary authentication credentials were entered via a second credential entry method different from the first credential entry method, associating the received first behavioral biometric data with a second user model associated with the second credential entry method, wherein one of the first and second credential entry methods is a manual credential entry method and the other of the first and second credential entry methods is an automatic entry method utilizing a password manager service; associating the first user model and the second user model with the user device; subsequent to receiving the first current entry of the authentication credentials, receiving second behavioral biometric data indicative of a second current entry of the authentication credentials; determining a first level of similarity based on a comparison of the second received behavioral biometric data to the first user model and a second level of similarity based on a comparison of the second received behavioral biometric data to the second user model; and responsive to determining that the first and second levels of similarity are both below the second predetermined threshold, associating the received second behavioral biometric data with a third user model, the third user model being associated with a third credential entry method. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification