Identifying Related User Accounts Based on Authentication Data

US 20160094529A1
Filed: 09/29/2014
Published: 03/31/2016
Est. Priority Date: 09/29/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting, by a computing device, a malicious activity associated with a first user account; and

determining, by the computing device, that at least one second user account is related to the first user account based on authentication data associated with the first user account.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, upon detecting malicious activity associated with a user account, a content management system can identify other user accounts related to the malicious user account. The content management system can identify related user accounts by comparing authentication information collected for the malicious user account with authentication information collected for other user accounts. Authentication information can include IP address information, geographic information, device type, browser type, email addresses, and/or referral information, for example. The content management system can compare the content items associated with the malicious user account to content items associated with other user accounts to determine relatedness or maliciousness. After identifying related malicious user accounts, the content management system can block all related malicious user accounts.

Citations

20 Claims

1. A method comprising:
- detecting, by a computing device, a malicious activity associated with a first user account; and
  
  determining, by the computing device, that at least one second user account is related to the first user account based on authentication data associated with the first user account.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - collecting, by the computing device, authentication data associated with the first user account and the second user account, the authentication data including an email address; and
      
      determining that the second user account is related to the first user account based on a common string pattern in the first user account email address and the second user account email address.
  - 3. The method of claim 1, further comprising:
    - collecting, by the computing device, authentication data associated with the first user account and the second user account, the authentication data including an IP address; and
      
      determining that the second user account is related to the first user account based on at least a first portion of the first user account IP address matching at least a portion of the second user account IP address.
  - 4. The method of claim 1, further comprising:
    - collecting, by the computing device, authentication data associated with the first user account and the second user account, the authentication data including a geographic region; and
      
      determining that the second user account is related to the first user account based on the first user account geographic region matching the second user account geographic region.
  - 5. The method of claim 1, further comprising:
    - collecting, by the computing device, authentication data associated with the first user account, the authentication data including a device type; and
      
      determining that the second user account is related to the first user account based on the first user account device type matching the second user account device type.
  - 6. The method of claim 1, further comprising:
    - collecting, by the computing device, authentication data associated with the second user account, the authentication data including a referral account identifier; and
      
      determining that the second user account is related to the first user account based on the referral account identifier linking the second user account to the first user account.
  - 7. The method of claim 1, further comprising:
    - collecting, by the computing device, authentication data associated with the first user account, the authentication data including a browser type; and
      
      determining that the second user account is related to the first user account based on the first user account browser type matching the second user account browser type.

8. A non-transitory computer readable medium including one or more sequences of instructions which, when executed by one or more processors, cause:
- collecting a first authentication data associated with a first user account;
  
  collecting a second authentication data associated with a second user account;
  
  detecting a malicious activity associated with a first user account;
  
  comparing the first authentication data to the second authentication data; and
  
  determining that the second user account is related to the first user account based on the comparison.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable medium of claim 8, wherein the first authentication data includes a first email address, the second authentication data includes a second email address;
    - and wherein the instructions cause;
      
      determining that the first email address and the second email address have a common string pattern.
  - 10. The non-transitory computer readable medium of claim 8, wherein the first authentication data includes a first IP address, the second authentication data includes a second IP address;
    - and wherein the instructions cause;
      
      determining that at least a portion of the first IP address matches at least a portion of the second IP address.
  - 11. The non-transitory computer readable medium of claim 8, wherein the first authentication data includes a first geographic region, the second authentication data includes a second geographic region;
    - and wherein the instructions cause;
      
      determining that the first geographic region matches the second geographic region.
  - 12. The non-transitory computer readable medium of claim 8, wherein the first authentication data includes a first device type, the second authentication data includes a second device type;
    - and wherein the instructions cause;
      
      determining that the first device type matches the second device type.
  - 13. The non-transitory computer readable medium of claim 8, wherein the second authentication data includes a referral account identifier;
    - and wherein the instructions cause;
      
      determining that the second user account is related to the first user account based on the referral account identifier linking the second user account to the first user account.
  - 14. The non-transitory computer readable medium of claim 8, wherein the first authentication data includes a first browser type, the second authentication data includes a second browser type;
    - and wherein the instructions cause;
      
      determining that the first browser type matches the second browser type.

15. A system comprising:
- one or more processors; and
  
  a computer readable medium including one or more sequences of instructions which, when executed by one or more processors, cause;
  
  collecting a first authentication data associated with a first user account and a second authentication data associated with a second user account;
  
  detecting a malicious activity associated with a first user account;
  
  determining that the second user account is related to the first user account based on the comparison;
  
  comparing a first content item of the first user account to a second content item of the second user account; and
  
  determining that the second user account is a malicious user account based on the comparison.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the instructions cause:
    - generating one or more first hash values based on the first content item;
      
      generating one or more second hash values based on the second content item;
      
      comparing the first hash values to the second hash values; and
      
      determining that the second user account is a malicious user account based the comparison.
  - 17. The system of claim 15, wherein the first authentication data includes a first email address, the second authentication data includes a second email address;
    - and wherein the instructions cause;
      
      determining that the first email address and the second email address have a common string pattern.
  - 18. The system of claim 15, wherein the first authentication data includes a first IP address, the second authentication data includes a second IP address;
    - and wherein the instructions cause;
      
      determining that at least a portion of the first IP address matches at least a portion of the second IP address.
  - 19. The system of claim 15, wherein the first authentication data includes a first geographic region, the second authentication data includes a second geographic region;
    - and wherein the instructions cause;
      
      determining that the first geographic region matches the second geographic region.
  - 20. The system of claim 15, wherein the second authentication data includes a referral account identifier;
    - and wherein the instructions cause;
      
      determining that the second user account is related to the first user account based on the referral account identifier linking the second user account to the first user account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
Dropbox, Inc.
Inventors
Mityagin, Anton

Granted Patent

US 10,091,174 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/1416 Event detection, e.g. attac...

Identifying Related User Accounts Based on Authentication Data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying Related User Accounts Based on Authentication Data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links