Cross channel authentication elevation via logic repository

US 10,728,256 B2
Filed: 10/30/2017
Issued: 07/28/2020
Est. Priority Date: 10/30/2017
Status: Active Grant

First Claim

Patent Images

1. A system for elevated authentication model based on cross-channel data, the system comprising:

at least one non-transitory memory device with computer-readable code stored thereon;

at least one processing device; and

at least one module stored in said memory device and comprising instruction code that is executable by the at least one processing device and configured to cause said at least one processing device to;

receive, via a distributed network of servers, one or more exposure events from a detection system, wherein the one or more exposure events is associated with a score, wherein the score for each of the one or more exposure events is assigned by a machine learning algorithm, wherein at least one of the one or more exposure events indicates that a user has failed an authentication requirement in one or more communication channels associated with the detection system, wherein the authentication requirement is associated with user access to one or more functions associated with one or more applications;

store the one or more exposure events in a centralized data repository, wherein storing further comprises enabling one or more detection systems connected to the centralized data repository to access the one or more exposure events received from the detection system, wherein the one or more detection systems are configured to monitor the one or more communication channels used by the user for authentication each time the user attempts to access the one or more applications;

electronically receive one or more categories dynamically generated within each of the one or more detection systems;

categorize the one or more exposure events into the one or more categories for each of the one or more detection system;

generate a prediction model using one or more parameters from the one or more exposure events stored in the centralized data repository to identify a pattern in the one or more exposure events, wherein the one or more parameters comprises at least the score associated with each of the one or more exposure events and a frequency of incidence of the one or more exposure events;

determine, using the prediction model, that a combination of at least a portion of the one or more exposure events indicates an intrusion in at least one of the one or more detection systems, thereby requiring elevated review of each exposure event in the combination of at least a portion of the one or more exposure events, wherein determining further comprises continuously executing statistical analysis algorithms on the one or more exposure events stored in the centralized data repository to determine whether the combination of at least a portion of the one or more exposure events meets a threshold level associated with the intrusion;

initiate the elevated review based on at least the indication of the intrusion, wherein initiating further comprises moving the one or more exposure events associated with the intrusion from the centralized data repository to a computing device associated with a user;

initiate a presentation of a user interface for display on the computing device, wherein the user interface comprises information associated with each exposure event associated with the intrusion;

receive, via the user interface, a user input indicating whether the intrusion is benign or harmful;

re-train the machine learning algorithm based on at least determining whether the intrusion is benign or harmful based on at least receiving the user interface, thereby adjusting the score for future incidents of each exposure event in the combination of at least a portion of the one or more exposure events;

determine one or more other communication channels across the one or more detection systems available for access to the user, wherein the one or more other communication channels are capable of authenticating the user; and

increase an authentication requirement of the user in the one or more other communication channels, wherein increasing the authentication requirement further comprises increasing an authentication level required to enable the user to access at least one of the one or more functions associated with at least one of the one or more applications.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, computer program products, and methods are described herein for elevated authentication model using cross-channel data. The present invention is configured to receive one or more exposure events from a detection system, wherein at least one of the one or more exposure events indicates that a user has failed an authentication requirement in at least one communication channel associated with the detection system; store the one or more exposure events in a centralized repository; determine one or more other communication channels across the one or more detection systems available for access to the user; and increase an authentication requirement of the user in the one or more other communication channels, wherein increasing the authentication requirement further comprises increasing an authentication level required to enable the user to access at least one of the one or more functions associated with at least one of the one or more applications.

Citations

17 Claims

1. A system for elevated authentication model based on cross-channel data, the system comprising:
- at least one non-transitory memory device with computer-readable code stored thereon;
  
  at least one processing device; and
  
  at least one module stored in said memory device and comprising instruction code that is executable by the at least one processing device and configured to cause said at least one processing device to;
  
  receive, via a distributed network of servers, one or more exposure events from a detection system, wherein the one or more exposure events is associated with a score, wherein the score for each of the one or more exposure events is assigned by a machine learning algorithm, wherein at least one of the one or more exposure events indicates that a user has failed an authentication requirement in one or more communication channels associated with the detection system, wherein the authentication requirement is associated with user access to one or more functions associated with one or more applications;
  
  store the one or more exposure events in a centralized data repository, wherein storing further comprises enabling one or more detection systems connected to the centralized data repository to access the one or more exposure events received from the detection system, wherein the one or more detection systems are configured to monitor the one or more communication channels used by the user for authentication each time the user attempts to access the one or more applications;
  
  electronically receive one or more categories dynamically generated within each of the one or more detection systems;
  
  categorize the one or more exposure events into the one or more categories for each of the one or more detection system;
  
  generate a prediction model using one or more parameters from the one or more exposure events stored in the centralized data repository to identify a pattern in the one or more exposure events, wherein the one or more parameters comprises at least the score associated with each of the one or more exposure events and a frequency of incidence of the one or more exposure events;
  
  determine, using the prediction model, that a combination of at least a portion of the one or more exposure events indicates an intrusion in at least one of the one or more detection systems, thereby requiring elevated review of each exposure event in the combination of at least a portion of the one or more exposure events, wherein determining further comprises continuously executing statistical analysis algorithms on the one or more exposure events stored in the centralized data repository to determine whether the combination of at least a portion of the one or more exposure events meets a threshold level associated with the intrusion;
  
  initiate the elevated review based on at least the indication of the intrusion, wherein initiating further comprises moving the one or more exposure events associated with the intrusion from the centralized data repository to a computing device associated with a user;
  
  initiate a presentation of a user interface for display on the computing device, wherein the user interface comprises information associated with each exposure event associated with the intrusion;
  
  receive, via the user interface, a user input indicating whether the intrusion is benign or harmful;
  
  re-train the machine learning algorithm based on at least determining whether the intrusion is benign or harmful based on at least receiving the user interface, thereby adjusting the score for future incidents of each exposure event in the combination of at least a portion of the one or more exposure events;
  
  determine one or more other communication channels across the one or more detection systems available for access to the user, wherein the one or more other communication channels are capable of authenticating the user; and
  
  increase an authentication requirement of the user in the one or more other communication channels, wherein increasing the authentication requirement further comprises increasing an authentication level required to enable the user to access at least one of the one or more functions associated with at least one of the one or more applications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the authentication level are associated with at least one of a hard authentication, a soft authentication, and a zero authentication, wherein the hard authentication comprises a multi-step verification of at least two authentication types, wherein verification further comprises receiving a user input of at least two authentication credentials, wherein the authentication type associated with the multi-step verification is at least one of a username, a password, a personal identification number, or a biometric indicia.
  - 3. The system of claim 1, wherein the module is further configured to:
    - receive one or more authentication credentials from the user based on at least increased authentication requirement;
      
      validate the one or more authentication credentials;
      
      determine that the user is authorized to access the one or more functions associated with the one or more functions based on at least validating the one or more authentication credentials; and
      
      restore the authentication requirement of the user in the one or more other communication channels based on at least determining that the user is authorized.
  - 4. The system of claim 1 wherein determining the combination of at least a portion of the one or more exposure events that indicated the intrusion further comprises:
    - retrieving information associated with the one or more exposure events from the one or more detection systems;
      
      storing the information in the centralized data repository until a pattern associated with the intrusion based on the one or more exposure events is detected; and
      
      determining the pattern associated with at least a portion of the one or more exposure events, wherein the pattern comprises the combination of at least a portion of the one or more exposure events.
  - 5. The system of claim 1 wherein the module is further configured to:
    - establish a communication link between the one or more detection systems and the centralized data repository, wherein establishing further comprises establishing a data channel between each of the one or more detection systems and the centralized data repository.
  - 6. The system of claim 5, wherein receiving the one or more exposure events from the one or more detection systems further comprises:
    - receiving a request from each of the one or more detection systems to connect to the centralized data repository, wherein the one or more detection systems are previously disconnected from the centralized data repository, wherein the one or more detection systems connect to the data channel based on at least an incidence of a exposure event in the detection system, wherein the exposure event is associated with the one or more exposure events; and
      
      connecting the one or more detection systems to the centralized data repository based on at least the received request.
  - 7. The system of claim 1, wherein determining that the intrusion is benign further comprises determining, based on the elevated review, that the intrusion is not an actual threat.
  - 8. The system of claim 1, wherein determining that the intrusion is harmful further comprises determining, based on the elevated review, that the intrusion is an actual threat.

9. A computer implemented method for elevated authentication model based on cross-channel data, the method comprising:
- receiving, via a distributed network of servers, one or more exposure events from a detection system, wherein the one or more exposure events is associated with a score, wherein the score for each of the one or more exposure events is assigned by a machine learning algorithm, wherein at least one of the one or more exposure events indicates that a user has failed an authentication requirement in one or more communication channels associated with the detection system, wherein the authentication requirement is associated with user access to one or more functions associated with one or more applications;
  
  storing, using a computing device processor, the one or more exposure events in a centralized data repository, wherein storing further comprises enabling one or more detection systems connected to the centralized data repository to access the one or more exposure events received from the detection system, wherein the one or more detection systems are configured to monitor the one or more communication channels used by the user for authentication each time the user attempts to access the one or more applications;
  
  electronically receiving one or more categories dynamically generated within each of the one or more detection systems;
  
  categorizing the one or more exposure events into the one or more categories for each of the one or more detection system;
  
  generating, using a computing device processor, a prediction model using one or more parameters from the one or more exposure events stored in the centralized data repository to identify a pattern in the one or more exposure events, wherein the one or more parameters comprises at least the score associated with each of the one or more exposure events and a frequency of incidence of the one or more exposure events;
  
  determining, using a computing device processor, using the prediction model, that a combination of at least a portion of the one or more exposure events indicates an intrusion in at least one of the one or more detection systems, thereby requiring elevated review of each exposure event in the combination of at least a portion of the one or more exposure events, wherein determining further comprises continuously executing statistical analysis algorithms on the one or more exposure events stored in the centralized data repository to determine whether the combination of at least a portion of the one or more exposure events meets a threshold level associated with the intrusion;
  
  initiating the elevated review based on at least the indication of the intrusion, wherein initiating further comprises moving the one or more exposure events associated with the intrusion from the centralized data repository to a computing device associated with a user;
  
  initiating a presentation of a user interface for display on the computing device, wherein the user interface comprises information associated with each exposure event associated with the intrusion;
  
  receiving, via the user interface, a user input indicating whether the intrusion is benign or harmful;
  
  re-training the machine learning algorithm based on at least determining whether the intrusion is benign or harmful based on at least receiving the user interface, thereby adjusting the score for future incidents of each exposure event in the combination of at least a portion of the one or more exposure events;
  
  determining, using a computing device processor, one or more other communication channels across the one or more detection systems available for access to the user, wherein the one or more other communication channels are capable of authenticating the user; and
  
  increasing, using a computing device processor, an authentication requirement of the user in the one or more other communication channels, wherein increasing the authentication requirement further comprises increasing an authentication level required to enable the user to access at least one of the one or more functions associated with at least one of the one or more applications.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein the authentication level are associated with at least one of a hard authentication, a soft authentication, and a zero authentication, wherein the hard authentication comprises a multi-step verification of at least two authentication types, wherein verification further comprises receiving a user input of at least two authentication credentials, wherein the authentication type associated with the multi-step verification is at least one of a username, a password, a personal identification number, or a biometric indicia.
  - 11. The method of claim 9, wherein the method further comprises:
    - receiving one or more authentication credentials from the user based on at least increased authentication requirement;
      
      validating the one or more authentication credentials;
      
      determining that the user is authorized to access the one or more functions associated with the one or more functions based on at least validating the one or more authentication credentials; and
      
      restoring the authentication requirement of the user in the one or more other communication channels based on at least determining that the user is authorized.
  - 12. The method of claim 9, wherein determining the combination of at least a portion of the one or more exposure events that indicated the intrusion further comprises:
    - retrieving information associated with the one or more exposure events from the one or more detection systems;
      
      storing the information in the centralized data repository until a pattern associated with the intrusion based on the one or more exposure events is detected; and
      
      determining the pattern associated with at least a portion of the one or more exposure events, wherein the pattern comprises the combination of at least a portion of the one or more exposure events.
  - 13. The method of claim 9, wherein determining that the intrusion is benign further comprises determining, based on the elevated review, that the intrusion is not an actual threat.

14. A computer program product for elevated authentication model based on cross-channel data, the computer program product comprising a non-transitory computer-readable medium comprising code causing a first apparatus to:
- receive, via a distributed network of servers, one or more exposure events from a detection system, wherein the one or more exposure events is associated with a score, wherein the score for each of the one or more exposure events is assigned by a machine learning algorithm, wherein at least one of the one or more exposure events indicates that a user has failed an authentication requirement in one or more communication channels associated with the detection system, wherein the authentication requirement is associated with user access to one or more functions associated with one or more applications;
  
  store the one or more exposure events in a centralized data repository, wherein storing further comprises enabling one or more detection systems connected to the centralized data repository to access the one or more exposure events received from the detection system, wherein the one or more detection systems are configured to monitor the one or more communication channels used by the user for authentication each time the user attempts to access the one or more applications;
  
  electronically receive one or more categories dynamically generated within each of the one or more detection systems;
  
  categorize the one or more exposure events into the one or more categories for each of the one or more detection system;
  
  generate a prediction model using one or more parameters from the one or more exposure events stored in the centralized data repository to identify a pattern in the one or more exposure events, wherein the one or more parameters comprises at least the score associated with each of the one or more exposure events and a frequency of incidence of the one or more exposure events;
  
  determine, using the prediction model, that a combination of at least a portion of the one or more exposure events indicates an intrusion in at least one of the one or more detection systems, thereby requiring elevated review of each exposure event in the combination of at least a portion of the one or more exposure events, wherein determining further comprises continuously executing statistical analysis algorithms on the one or more exposure events stored in the centralized data repository to determine whether the combination of at least a portion of the one or more exposure events meets a threshold level associated with the intrusion;
  
  initiate the elevated review based on at least the indication of the intrusion, wherein initiating further comprises moving the one or more exposure events associated with the intrusion from the centralized data repository to a computing device associated with a user;
  
  initiate a presentation of a user interface for display on the computing device, wherein the user interface comprises information associated with each exposure event associated with the intrusion;
  
  receive, via the user interface, a user input indicating whether the intrusion is benign or harmful;
  
  re-train the machine learning algorithm based on at least determining whether the intrusion is benign or harmful based on at least receiving the user interface, thereby adjusting the score for future incidents of each exposure event in the combination of at least a portion of the one or more exposure events;
  
  determine one or more other communication channels across the one or more detection systems available for access to the user, wherein the one or more other communication channels are capable of authenticating the user; and
  
  increase an authentication requirement of the user in the one or more other communication channels, wherein increasing the authentication requirement further comprises increasing an authentication level required to enable the user to access at least one of the one or more functions associated with at least one of the one or more applications.
- View Dependent Claims (15, 16, 17)
- - 15. The computer program product of claim 14, wherein the authentication level are associated with at least one of a hard authentication, a soft authentication, and a zero authentication, wherein the hard authentication comprises a multi-step verification of at least two authentication types, wherein verification further comprises receiving a user input of at least two authentication credentials, wherein the authentication type associated with the multi-step verification is at least one of a username, a password, a personal identification number, or a biometric indicia.
  - 16. The computer program product of claim 14, wherein determining the combination of at least a portion of the one or more exposure events that indicated the intrusion further comprises:
    - retrieving information associated with the one or more exposure events from the one or more detection systems;
      
      storing the information in the centralized data repository until a pattern associated with the intrusion based on the one or more exposure events is detected; and
      
      determining the pattern associated with at least a portion of the one or more exposure events, wherein the pattern comprises the combination of at least a portion of the one or more exposure events.
  - 17. The computer program product of claim 14, wherein determining that the intrusion is benign further comprises determining, based on the elevated review, that the intrusion is not an actual threat.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Sims, Scott Anderson, Bell, Kolt Arthur, Carroll, Michael Joseph, Kim, Andrew DongHo, Piatetsky, Elliot, Schneeweis, Stephen M., Toth, Michael E., Widmann, Craig D., Satija, Dharmender Kumar, Alapati, Sai Kishan
Primary Examiner(s)
Thiaw, Catherine

Application Number

US15/798,163
Publication Number

US 20190132328A1
Time in Patent Office

1,002 Days
Field of Search
US Class Current
CPC Class Codes

G06N 20/00   Machine learning

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/105   Multiple levels of security

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

Cross channel authentication elevation via logic repository

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Cross channel authentication elevation via logic repository

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links