Systems and methods for automatically performing secondary authentication of primary authentication credentials

US 10,652,238 B1
Filed: 06/10/2019
Issued: 05/12/2020
Est. Priority Date: 06/10/2019
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more processors; and

memory storing instructions, that when executed by the one or more processors, cause the system to;

receive, from a user device, first behavioral biometric data indicative of a first current entry of primary authentication credentials on the user device, the primary authentication credentials being a username and password and the first behavioral biometric data comprising current typing time data indicative of a period of time taken for input of the first current entry of the primary authentication credentials into the user device;

compare the received first behavioral biometric data to a first user model, the first user model comprising first model time data, the first model time data being associated with the user device and a first credential entry method on the user device and being based at least in part on stored behavioral biometric data personalized to a user of the user device;

responsive to determining, based on the comparison, that a level of similarity between the received first behavioral biometric data and the stored behavioral biometric data of the first user model is at or above a first predetermined threshold corresponding to secondary authentication of entries of primary authentication credentials, determine that the first current entry of primary authentication credentials meets a secondary authentication requirement;

responsive to determining that the level of similarity is below the first predetermined threshold, initiate a secondary authentication method with the user of the user device;

responsive to (i) the secondary authentication method being validated and (ii) determining that the level of similarity is below a second predetermined threshold that is less than the first predetermined threshold and indicates that the primary authentication credentials were entered via a second credential entry method different from the first credential entry method, associate the received first behavioral biometric data with a second user model associated with the second credential entry method, wherein one of the first and second credential entry methods is a manual credential entry method and the other of the first and second credential entry methods is an automatic entry method utilizing a password manager service;

associate the first user model and the second user model with the user device;

subsequent to receiving the first current entry of the primary authentication credentials, receive second behavioral biometric data indicative of a second current entry of the primary authentication credentials;

determine a first level of similarity based on a comparison of the received second behavioral biometric data to the first user model and a second level of similarity based on a comparison of the received second behavioral biometric data to the second user model; and

responsive to determining that the first and second levels of similarity are both below the second predetermined threshold, associate the received second behavioral biometric data with a third user model, the third user model being associated with a third credential entry method.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed technology includes systems and methods for determining secondary authentication of a user'"'"'s log-in attempts by comparing received behavioral biometric data and/or received scenario-specific data to saved behavioral biometric data and/or saved scenario-specific data, respectively. Responsive to determining that the received behavioral biometric data and/or received scenario-specific data is above a predetermined threshold of similarity with respect to the saved behavioral biometric data and/or saved scenario-specific data, respectively, the systems and methods can determine that the corresponding log-in attempt is secondarily authenticated. of a user device via behavioral biometric data. Responsive to determining that the level of similarity is not above the predetermined threshold, the systems and methods can initiate a secondary authentication method and can associate the received behavioral biometric data with a second user model.

Citations

20 Claims

1. A system comprising:
- one or more processors; and
  
  memory storing instructions, that when executed by the one or more processors, cause the system to;
  
  receive, from a user device, first behavioral biometric data indicative of a first current entry of primary authentication credentials on the user device, the primary authentication credentials being a username and password and the first behavioral biometric data comprising current typing time data indicative of a period of time taken for input of the first current entry of the primary authentication credentials into the user device;
  
  compare the received first behavioral biometric data to a first user model, the first user model comprising first model time data, the first model time data being associated with the user device and a first credential entry method on the user device and being based at least in part on stored behavioral biometric data personalized to a user of the user device;
  
  responsive to determining, based on the comparison, that a level of similarity between the received first behavioral biometric data and the stored behavioral biometric data of the first user model is at or above a first predetermined threshold corresponding to secondary authentication of entries of primary authentication credentials, determine that the first current entry of primary authentication credentials meets a secondary authentication requirement;
  
  responsive to determining that the level of similarity is below the first predetermined threshold, initiate a secondary authentication method with the user of the user device;
  
  responsive to (i) the secondary authentication method being validated and (ii) determining that the level of similarity is below a second predetermined threshold that is less than the first predetermined threshold and indicates that the primary authentication credentials were entered via a second credential entry method different from the first credential entry method, associate the received first behavioral biometric data with a second user model associated with the second credential entry method, wherein one of the first and second credential entry methods is a manual credential entry method and the other of the first and second credential entry methods is an automatic entry method utilizing a password manager service;
  
  associate the first user model and the second user model with the user device;
  
  subsequent to receiving the first current entry of the primary authentication credentials, receive second behavioral biometric data indicative of a second current entry of the primary authentication credentials;
  
  determine a first level of similarity based on a comparison of the received second behavioral biometric data to the first user model and a second level of similarity based on a comparison of the received second behavioral biometric data to the second user model; and
  
  responsive to determining that the first and second levels of similarity are both below the second predetermined threshold, associate the received second behavioral biometric data with a third user model, the third user model being associated with a third credential entry method.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the instructions, when executed by the one or more processors, further cause the system to:
    - receive, from the user device, the primary authentication credentials;
      
      responsive to matching the received primary authentication credentials to stored primary authentication credentials, determine that the user meets a primary authentication requirement; and
      
      responsive to determining that the first current entry of primary authentication credentials meets the primary authentication requirement and the secondary authentication requirement, provide access to user-accessible system resources.
  - 3. The system of claim 1, wherein initiating the secondary authentication method comprises transmitting, to the user device, a request for secondary authentication credentials.
  - 4. The system of claim 1, wherein the comparing the received first behavioral biometric data to the first user model comprises comparing the current typing time data to the first model time data.
  - 5. The system of claim 1, wherein:
    - the received first behavioral biometric data comprises device identification data, andthe instructions, when executed by the one or more processors, further cause the system to, identify, based on the received first behavioral biometric data, the user device from a plurality of user devices associated with a common user.
  - 6. The system of claim 1, wherein the instructions, when executed by the one or more processors, further cause the system to:
    - receive, from the user device, subsequent behavioral biometric data indicative of the primary authentication credentials being entered on the user device at a subsequent time;
      
      determine a first level of similarity based on a comparison of the received subsequent behavioral biometric data to the first user model and a second level of similarity based on a comparison of the received subsequent behavioral biometric data to the second user model;
      
      determine, based on the comparison of the received subsequent behavioral biometric data to the first user model, whether the first level of similarity is above the first predetermined threshold;
      
      determine, based on the comparison of the received subsequent behavioral biometric data to the second user model, whether the second level of similarity is above the first predetermined threshold; and
      
      responsive to determining that the first level of similarity or the second level of similarity is above the first predetermined threshold, determine that the user meets the secondary authentication requirement.
  - 7. The system of claim 6, wherein the instructions, when executed by the one or more processors, further cause the system to, discard the first user model responsive to determining that the received subsequent behavioral biometric data does not correspond to the first user model for a predetermined period.
  - 8. The system of claim 6, wherein the instructions, when executed by the one or more processors, further cause the system to:
    - responsive to the determining that the first level of similarity is above the first predetermined threshold, update the first user model to include at least a portion of the received subsequent behavioral biometric data; and
      
      responsive to the determining that the second level of similarity is above the first predetermined threshold, merge the first user model and the second user model into a merged user model to include at least a portion of the received subsequent behavioral biometric data.

9. An authentication device comprising:
- one or more processors; and
  
  memory storing instructions, that when executed by the one or more processors, cause the authentication device to;
  
  receive, from a user device, baseline behavioral biometric data corresponding to a baseline login attempt comprising entry of primary authentication credentials;
  
  generate a first user model based at least in part on the baseline biometric data, the first user model being associated with a first credential entry method;
  
  receive, from the user device, first scenario data corresponding to a first current login attempt;
  
  determine, based on a comparison of the first scenario data to the first user model, a level of similarity between the first scenario data and the first user model;
  
  responsive to determining that the level of similarity is above a first predetermined threshold corresponding to secondary authentication of login attempts, (i) determine that the first current login attempt is secondarily authorized and (ii) update the first user model to include at least a portion of the first scenario data; and
  
  responsive to determining that the level of similarity is below a second predetermined threshold, wherein the second predetermined threshold is different from the first predetermined threshold and wherein the level of similarity being below the second threshold indicates that the primary authentication credentials were entered via a second credential entry method different from the first credential entry method;
  
  initiate a secondary authentication method; and
  
  in response to the secondary authentication method being validated, associate the first scenario data with a second user model associated with the second credential entry method, wherein one of the first and second credential entry methods is a manual credential entry method and the other of the first and second credential entry methods is an automatic entry method utilizing a password manager service;
  
  associate the first user model and the second user model with the user device;
  
  subsequent to receiving the first scenario data, receive second scenario data indicative of a second current entry of the authentication credentials;
  
  determine a first level of similarity based on a comparison of the second scenario data to the first user model and a second level of similarity based on a comparison of the second scenario data to the second user model; and
  
  responsive to determining that the first and second levels of similarity are both below the second predetermined threshold, associate the second scenario data with a third user model, the third user model being associated with a third credential entry method.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The authentication device of claim 9, wherein the instructions, when executed by the one or more processors, further cause the authentication device to:
    - receive, from the user device, the primary authentication credentials of the first current login attempt;
      
      responsive to matching the received primary authentication credentials to stored primary authentication credentials, determine that the first current login attempt is firstly authorized; and
      
      responsive to determining that the first current login attempt is firstly authorized and secondarily authorized, provide access to user-accessible system resources.
  - 11. The authentication device of claim 9, wherein initiating the secondary authentication method comprises transmitting, to the user device, a request for secondary authentication credentials.
  - 12. The authentication device of claim 9, wherein the comparing the first scenario data to the first user model comprises comparing current typing time data of the first scenario data to stored typing time data associated with the first user model.
  - 13. The authentication device of claim 9, wherein:
    - the first scenario data comprises device identification data, andthe instructions, when executed by the one or more processors, further cause the authentication device to, identify, based on the first scenario data, the user device from a plurality of user devices associated with a common user.

14. A method comprising:
- receiving first behavioral biometric data indicative of a first current entry of primary authentication credentials on a user device, the primary authentication credentials being a username and password and the first behavioral biometric data comprising current typing time data indicative of a period of time taken for input of the first current entry of the primary authentication credentials into the user device;
  
  comparing the received first behavioral biometric data to a first user model, the first user model comprising first model time data, the first model time data being associated with the user device and a first credential entry method on the user device and being based at least in part on stored behavioral biometric data personalized to a user of the user device;
  
  responsive to determining, based on the comparing, that a level of similarity between the received first behavioral biometric data and the stored behavioral biometric data of the first user model is at or above a first predetermined threshold corresponding to secondary authentication of entries of primary authentication credentials, determining that the first current entry of primary authentication credentials meets a secondary authentication requirement;
  
  responsive to determining that the level of similarity is below the first predetermined threshold, initiating a secondary authentication method with the user of the user device;
  
  responsive to (i) the secondary authentication method being validated and (ii) determining that the level of similarity is below a second predetermined threshold that is less than the first predetermined threshold and indicates that the primary authentication credentials were entered via a second credential entry method different from the first credential entry method, associating the received first behavioral biometric data with a second user model associated with the second credential entry method, wherein one of the first and second credential entry methods is a manual credential entry method and the other of the first and second credential entry methods is an automatic entry method utilizing a password manager service;
  
  associating the first user model and the second user model with the user device;
  
  subsequent to receiving the first current entry of the authentication credentials, receiving second behavioral biometric data indicative of a second current entry of the authentication credentials;
  
  determining a first level of similarity based on a comparison of the second received behavioral biometric data to the first user model and a second level of similarity based on a comparison of the second received behavioral biometric data to the second user model; and
  
  responsive to determining that the first and second levels of similarity are both below the second predetermined threshold, associating the received second behavioral biometric data with a third user model, the third user model being associated with a third credential entry method.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14 further comprising:
    - receiving the primary authentication credentials;
      
      responsive to matching the received primary authentication credentials to stored primary authentication credentials, determining that the user meets a primary authentication requirement; and
      
      responsive to determining that the first current entry of primary authentication credentials meets the primary authentication requirement and the secondary authentication requirement, providing access to user-accessible system resources.
  - 16. The method of claim 14, wherein the initiating the secondary authentication method comprises transmitting, to the user device, a request for secondary authentication credentials.
  - 17. The method of claim 14, wherein the comparing the received behavioral biometric data to the first user model comprises comparing the current typing time data to the first model time data.
  - 18. The method of claim 14, wherein the received behavioral biometric data comprises device identification data, the method further comprising:
    - identifying, based on the received behavioral biometric data, the user device from a plurality of user devices associated with a common user.
  - 19. The method of claim 14 further comprising:
    - receiving, from the user device, subsequent behavioral biometric data indicative of the primary authentication credentials being entered on the user device at a subsequent time;
      
      determining a first level of similarity based on a comparison of the received subsequent behavioral biometric data to the first user model and a second level of similarity based on a comparison of the received subsequent behavioral biometric data to the second user model;
      
      determining, based on the comparison of the received subsequent behavioral biometric data to the first user model, whether the first level of similarity is above the first predetermined threshold;
      
      determining, based on the comparison of the received subsequent behavioral biometric data to the second user model, whether the second level of similarity is above the first predetermined threshold; and
      
      responsive to determining that the first level of similarity or the second level of similarity is above the first predetermined threshold, determining that the user meets the secondary authentication requirement.
  - 20. The method of claim 19 further comprising:
    - discarding the first user model responsive to determining that the received subsequent behavioral biometric data does not correspond to the first user model for a predetermined period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Edwards, Joshua, Ji, Jason, Chatman, Ljubica, Mossoba, Michael, Rodriguez, Carlos
Primary Examiner(s)
Vu, Phy Anh T

Application Number

US16/436,437
Time in Patent Office

337 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04W 12/068   using credential vaults, e....

H04W 12/08   Access security

H04W 12/10   Integrity

Systems and methods for automatically performing secondary authentication of primary authentication credentials

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for automatically performing secondary authentication of primary authentication credentials

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links