USER ACCOUNT BEHAVIOR TECHNIQUES

US 20110296003A1
Filed: 06/01/2010
Published: 12/01/2011
Est. Priority Date: 06/01/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method implemented by one or more modules at least partially in hardware, the method comprising:

determining whether interaction with a service provider via a user account deviates from a model, the model based on behavior that was previously observed as corresponding to the user account; and

responsive to the determining that the interaction deviates from the model, flagging the user account as potentially compromised by a malicious party.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

User account behavior techniques are described. In implementations, a determination is made as to whether interaction with a service provider via a user account deviates from a model. The model is based on behavior that was previously observed as corresponding to the user account. Responsive to a determination that the interaction deviates from the model, the user account is flagged as being potentially compromised by a malicious party.

172 Citations

20 Claims

1. A method implemented by one or more modules at least partially in hardware, the method comprising:
- determining whether interaction with a service provider via a user account deviates from a model, the model based on behavior that was previously observed as corresponding to the user account; and
  
  responsive to the determining that the interaction deviates from the model, flagging the user account as potentially compromised by a malicious party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method as described in claim 1, wherein the determined interaction involves communications and a number of the communications that are to be sent via the user account are within a permissible threshold.
  - 3. A method as described in claim 1, wherein the determining is performed without receiving feedback from an intended recipient of communications from the user account.
  - 4. A method as described in claim 1, wherein the model describes a sequence of actions that are typically performed using the user account.
  - 5. A method as described in claim 1, wherein the model describes intended recipients of communications that are composed via the user account.
  - 6. A method as described in claim 1, wherein the model describes a format of communications that are composed via the user account.
  - 7. A method as described in claim 1, wherein the model describes an amount of data stored in conjunction with the user account.
  - 8. A method as described in claim 1, wherein the model describes a number of items of data stored in conjunction with the user account.
  - 9. A method as described in claim 1, wherein the model describes login characteristics of the user account.
  - 10. A method as described in claim 1, wherein the model describes interaction performed via a social network.
  - 11. A method as described in claim 1, wherein the model describes online storage of data in conjunction with the user account.
  - 12. A method as described in claim 1, wherein the model describes customization of the user account.
  - 13. A method as described in claim 1, further comprising generating the model using statistics that describe the behavior.
  - 14. A method as described in claim 1, further comprising performing one or more actions to restrict the compromise to the user account.

15. A method implemented by one or more modules at least partially in hardware, the method comprising:
- generating a model that describes behaviors exhibited through interaction via a user account of a service provider, the interaction performed over a network, wherein the behaviors are chosen from a plurality of behaviors that are consistent for the user but are not consistent for other users of the service provider; and
  
  responsive to a determination that subsequent interaction performed via the user account deviates from the generated model, flagging the user account as potentially compromised by a malicious party.
- View Dependent Claims (16, 17)
- - 16. A method as described in claim 15, further comprising performing one or more actions to restrict the compromise to the user account responsive to the flagging.
  - 17. A method as described in claim 16, wherein the one or more actions include restricting the subsequent interaction that deviates from the generated model and permitting the subsequent interaction that is consistent with the model.

18. A method implemented by one or more modules at least partially in hardware, the method comprising:
- examining data that describes interaction with a service provider via a user account;
  
  detecting two or more distinct behavioral models through the examination that indicate different personalities, respectively, in relation to the interaction with the service provider; and
  
  responsive to the detecting, flagging the user account as being potentially compromised by a malicious party.
- View Dependent Claims (19, 20)
- - 19. A method as described in claim 18, further comprising performing one or more actions to restrict the compromise to the user account responsive to the flagging, wherein the one or more actions include restricting subsequent interaction that corresponds to a first said personality and permitting subsequent interaction that corresponds to a second said personality.
  - 20. A method as described in claim 19, wherein the first said personality is identified as being potentially malicious.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
McColm, Linda A., Osipkov, Ivan, Walter, Jason D., Gillum, Eliot C., Vitaldevara, Krishna, McCann, Robert L.

Application Number

US12/791,777
Publication Number

US 20110296003A1
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/55   Detecting local intrusion o...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/168   above the transport layer

H04L 67/535   Tracking the activity of th...

USER ACCOUNT BEHAVIOR TECHNIQUES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

172 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

USER ACCOUNT BEHAVIOR TECHNIQUES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

172 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others