User-Browser Interaction Analysis Authentication System

US 20080222712A1
Filed: 05/23/2008
Published: 09/11/2008
Est. Priority Date: 04/10/2006
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user during an Internet commerce session, the method comprising:

during an e-commerce session with a user, receiving a request for an action from the user;

determining whether the requested action requires additional authentication;

in response to determining that the requested action requires additional authentication, requesting analysis of user-browser interaction for the session;

receiving a pattern matching score for the session, the pattern matching score providing an indication of a comparison between the user'"'"'s interaction with a browser during the session and a user-browser interaction profile for the user; and

performing ail action based on the pattern matching score and the requested action.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and media for authenticating a user based on user-browser interaction are disclosed. Embodiments of a method may include, during an e-commerce session with a user, receiving a request for an action from the user and determining whether the requested action requires additional authentication. Embodiments may also include requesting analysis of user-browser interaction for the session, receiving a pattern matching score for the session, and performing an action based on the pattern matching score and the requested action. The pattern matching score may provide an indication of a comparison between the user'"'"'s interaction with a browser during the session and a user-browser interaction profile for the user. The performed action may include completing an e-commerce transaction, accessing or modifying information, changing a password, requesting additional information, denying the requested action, or other action. Further embodiments may provide for authenticating the user with a first-level authentication.

Citations

27 Claims

1. A method for authenticating a user during an Internet commerce session, the method comprising:
- during an e-commerce session with a user, receiving a request for an action from the user;
  
  determining whether the requested action requires additional authentication;
  
  in response to determining that the requested action requires additional authentication, requesting analysis of user-browser interaction for the session;
  
  receiving a pattern matching score for the session, the pattern matching score providing an indication of a comparison between the user'"'"'s interaction with a browser during the session and a user-browser interaction profile for the user; and
  
  performing ail action based on the pattern matching score and the requested action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising establishing the e-commerce session with the user.
  - 3. The method of claim 1, further comprising authenticating the user with a first-level authentication.
  - 4. The method of claim 1, further comprising before performing the action based on the pattern matching score and the requested action, analyzing the pattern matching score.
  - 5. The method of claim 1, wherein receiving the pattern matching score for the session comprises determining the pattern matching score for the session.
  - 6. The method of claim 5, wherein determining the pattern matching score for the session comprises determining user-browser Interaction data associated with the session and comparing the user-browser interaction data to determined patterns in previous interaction data.
  - 7. The method of claim 1, wherein the requested action comprises one or more of completion of an e-commerce transaction, access to restricted information, modification of user information, or change to a password.
  - 8. The method of claim 1, wherein performing the action based on the pattern matching score and the requested action comprises one or more of completing an e-commerce transaction, accessing restricted information, modifying user information, changing a password for the user, requesting additional information, or denying the requested action.

9. A machine-accessible medium containing instructions effective, when executing in a data processing system, to cause said data processing system to perform operations comprising:
- during an e-commerce session with a user, receiving a request for an action from the user;
  
  determining whether the requested action requires additional authentication;
  
  in response to determining that the requested action requires additional authentication, requesting analysis of user-browser interaction for the session;
  
  receiving a pattern matching score for the session, the pattern matching score providing an indication of a comparison between the user'"'"'s interaction with a browser during the session and a user-browser interaction profile for the user; and
  
  performing an action based on the pattern matching score and the requested action.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The machine-accessible medium of claim 9, further comprising establishing the e-commerce session with the user.
  - 11. The machine-accessible medium of claim 9, further comprising authenticating the user with a first-level authentication.
  - 12. The machine-accessible medium of claim 9, further comprising before performing the action based oil the pattern matching score and the requested action, analyzing the pattern matching score.
  - 13. The machine-accessible medium of claim 9, wherein the requested action comprises one or more of completion of an e-commerce transaction, access to restricted information, modification of user information, or change to a password.
  - 14. The machine-accessible medium of claim 9, wherein performing the action based on the pattern matching score and the requested action comprises one or more of completing an e-commerce transaction, accessing restricted information, modifying user information, changing a password for the user, requesting additional information, or denying the requested action.

15. An e-commerce authentication system, the system comprising:
- an application server in communication with an incoming interaction server and a pattern matching server, the application server comprising;
  
  an e-commerce application to establish a session with a user of a client computer system to determine that additional authentication is required in response to a request by the user for an action;
  
  a pattern matching requester in communication with the e-commerce application to request analysis of user-browser interaction for the established session and to receive a pattern matching score for the established session; and
  
  wherein the e-commerce application is adapted to perform an action based on the pattern matching score for the established session and the requested action.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, further comprising;
    - an incoming interaction server in communication with the application server, the incoming interaction server comprising;
      
      a session data listener to receive user-browser interaction data from one or more client computer systems;
      
      an interaction data manager to associate received user-browser interaction data with a user login; and
      
      an interaction database interface to store the user-browser interaction and associated information in a user-browser interaction database.
  - 17. The system of claim 15, wherein the interaction data manager further comprises a profile matcher to match the received user-browser interaction data and user login with a user-browser interaction profile associated with the user.
  - 18. The system of claim 15, further comprising:
    - a pattern matching server in communication with the application server, the pattern matching server comprising;
      
      an application server interface to receive a request for a pattern matching score for a session from the application server and to transmit a determined pattern matching score to the application server;
      
      an interaction database interface to access stored user-browser interaction data; and
      
      an interaction data analyzer to analyze the stored user-browser interaction data associated with the session for patterns and to compare the determined patterns to user-browser interaction data associated with the session to determine a pattern matching score for the session.
  - 19. The system of claim 15, farther comprising a user-browser interaction database to store user-browser interaction data and associated information.
  - 20. The system of claim 15, further comprising a client computer system having a browser to receive input from a user.

21. A method for processing user-browser interaction data for an e-commerce session, the method comprising:
- during an e-commerce session with a user, receiving user-browser interaction data from a client computer system;
  
  associating the received user-browser interaction data with a user login for the session; and
  
  storing the user-browser interaction data and associated information in a user-browser interaction database, the associated information comprising an indication of the user login for the session.
- View Dependent Claims (22)
- - 22. The method of claim 21, wherein associating the received user-browser interaction data with the user login for the session comprises matching the received user-browser interaction data with a user-browser interaction profile associated with the user.

23. A method for determining a pattern matching score for an e-commerce session, the method comprising:
- determining user-browser interaction data associated with a current session;
  
  accessing user-browser interaction data associated with previous sessions for a user associated with the current session;
  
  analyzing the previous session user-browser interaction data to determine patterns in the user-browser interaction data; and
  
  determining a pattern matching score for the current session.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The method of claim 23, further comprising before determining the user-browser interaction data associated with a current session, receiving a request to analyze user-browser interaction data for a session.
  - 25. The method of claim 23, further comprising transmitting the determined pattern matching score.
  - 26. The method of claim 23, wherein determining user-browser interaction data associated with the current session comprises determining user-browser interaction data associated with a user-browser Interaction profile associated with the current session.
  - 27. The method of claim 23, wherein determining a pattern matching score for the session comprises comparing user-browser interaction data for the current session with the determined patterns.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Brian M O'Connell, Keith R. Walker
Original Assignee
Brian M O'Connell, Keith R. Walker
Inventors
O'Connell, Brian M., Walker, Keith R.

Granted Patent

US 8,918,479 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

User-Browser Interaction Analysis Authentication System

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

User-Browser Interaction Analysis Authentication System

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links