IMPLICIT AUTHENTICATION
First Claim
1. A method for implicitly authenticating a user to access a controlled resource, the method comprising:
- receiving a request to access the controlled resource;
determining a user behavior score based at least on a user behavior model derived from historical contextual data of a user, and recent contextual data of the user collected from one or more user devices without prompting the user to perform an action explicitly associated with authentication,wherein the user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern,wherein the recent contextual data comprise a plurality of data streams which provide basis for the determination of the user behavior score, andwherein a data stream alone provides insufficient basis for the determination of the user behavior score; and
providing the user behavior score to an access controller of the controlled resource, thereby making an authentication decision derived from the user behavior score for the user to access the controlled resource based at least on the user behavior score.
2 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of the present disclosure provide a method and system for implicitly authenticating a user to access controlled resources. The system receives a request to access the controlled resources. The system then determines a user behavior score based on a user behavior model, and recent contextual data about the user. The user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern. The recent contextual data, which comprise a plurality of data streams, are collected from one or more user devices without prompting the user to perform an action explicitly associated with authentication. The plurality of data streams provide basis for determining the user behavior score, but a data stream alone provides insufficient basis for the determination of the user behavior score. The system also provides the user behavior score to an access controller of the controlled resource.
357 Citations
27 Claims
-
1. A method for implicitly authenticating a user to access a controlled resource, the method comprising:
-
receiving a request to access the controlled resource; determining a user behavior score based at least on a user behavior model derived from historical contextual data of a user, and recent contextual data of the user collected from one or more user devices without prompting the user to perform an action explicitly associated with authentication, wherein the user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern, wherein the recent contextual data comprise a plurality of data streams which provide basis for the determination of the user behavior score, and wherein a data stream alone provides insufficient basis for the determination of the user behavior score; and providing the user behavior score to an access controller of the controlled resource, thereby making an authentication decision derived from the user behavior score for the user to access the controlled resource based at least on the user behavior score. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system for implicitly authenticating a user to access a controlled resource, the system comprising:
-
a user access request receiver configured to receive a request to access the controlled resource; a behavioral score grader configured to determine a user behavior score based at least on a user behavior model derived from historical contextual data of a user, and recent contextual data of the user collected from one or more user devices without prompting the user to perform an action explicitly associated with authentication, wherein the user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern, wherein the recent contextual data comprise a plurality of data streams which provide basis for the determination of the user behavior score, and wherein a data stream alone provides insufficient basis for the determination of the user behavior score; and an authentication information provision mechanism configured to provide the user behavior score to an access controller of the controlled resource, thereby making an authentication decision derived from the user behavior score for the user to access the controlled resource based at least on the user behavior score. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for implicitly authenticating a user to access a controlled resource, the method comprising:
-
receiving a request to access the controlled resource; determining a user behavior score based at least on a user behavior model derived from historical contextual data of a user, and recent contextual data of the user collected from one or more user devices without prompting the user to perform an action explicitly associated with authentication, wherein the user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern, wherein the recent contextual data comprise a plurality of data streams which provide basis for the determination of the user behavior score, and wherein a data stream alone provides insufficient basis for the determination of the user behavior score; and providing the user behavior score to an access controller of the controlled resource, thereby making an authentication decision derived from the user behavior score for the user to access the controlled resource based at least on the user behavior score.
-
Specification