Methods and Systems for Using Behavioral Analysis Towards Efficient Continuous Authentication

US 20160110528A1
Filed: 10/15/2014
Published: 04/21/2016
Est. Priority Date: 10/15/2014
Status: Active Grant

First Claim

Patent Images

1. A method of performing multifactor user authentication in a computing device, comprising:

determining in a processor of the computing device one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value;

using one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value to determine a number of authentication factors that are be evaluated when authenticating a user of the computing device; and

authenticating the user by evaluating the determined number of authentication factors.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device processor may be configured with processor-executable instructions to implement methods of using behavioral analysis and machine learning techniques to identify, prevent, correct, and/or otherwise respond to malicious or performance-degrading behaviors of the computing device. As part of these operations, the processor may perform multifactor authentication operations that include determining one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value, using the one or more of these values to determine a number of authentication factors that are be evaluated when authenticating a user of the computing device, and authenticating the user by evaluating the determined number of authentication factors.

105 Citations

View as Search Results

32 Claims

1. A method of performing multifactor user authentication in a computing device, comprising:
- determining in a processor of the computing device one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value;
  
  using one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value to determine a number of authentication factors that are be evaluated when authenticating a user of the computing device; and
  
  authenticating the user by evaluating the determined number of authentication factors.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - using one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value to determine the authentication factors that are be evaluated when authenticating the user of the computing device.
  - 3. The method of claim 1, further comprising:
    - monitoring hardware and software systems of the computing device to determine the computing device'"'"'s current vulnerability to unauthorized use.
  - 4. The method of claim 1, wherein determining one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value comprises:
    - monitoring activities of a software application to collect behavior information;
      
      generating a behavior vector that characterizes the monitored activities based on the collected behavior information; and
      
      applying the behavior vector to a classifier model to generate analysis results.
  - 5. The method of claim 4, wherein the classifier model is a model of critical activity.
  - 6. The method of claim 5, wherein the behavior vector is a multi-dimension vector data structure.
  - 7. The method of claim 1, further comprising monitoring hardware and software systems of the computing device to learn over time a distinct way in which the user interacts with the computing device, wherein authenticating the user by evaluating the determined number of authentication factors comprises determining whether a behavior of a software application is consistent with the distinct way in which the user interacts with the computing device.
  - 8. The method of claim 1, wherein determining the number of authentication factors that are to be evaluated comprises:
    - performing passive authentication operations to authenticate the user without requiring express user interaction for the purpose of authentication;
      
      determining a passive authentication confidence value that identifies the device level of confidence in an accuracy of the passive authentication operations;
      
      determining a criticality level value that identifies an importance or criticality of a process or software application operating on the computing device;
      
      comparing the passive authentication confidence value to the criticality level value to generate a comparison result that identifies whether a level of confidence in the passive authentication outweighs a level of criticality; and
      
      determining the number of authentication factors that are be evaluated when authenticating the user of the computing device based on the comparison result.

9. A computing device, comprising:
- a processor configured with processor-executable instructions to perform operations comprising;
  
  determining one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value;
  
  using one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value to determine a number of authentication factors that are be evaluated when authenticating a user of the computing device; and
  
  authenticating the user by evaluating the determined number of authentication factors.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computing device of claim 9, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - using one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value to determine the authentication factors that are be evaluated when authenticating the user of the computing device.
  - 11. The computing device of claim 9, wherein the processor is configured with processor-executable instructions to perform operations further comprising monitoring hardware and software systems to determine the computing device'"'"'s current vulnerability to unauthorized use.
  - 12. The computing device of claim 9, wherein the processor is configured with processor-executable instructions to perform operations such that determining one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value comprises:
    - monitoring activities of a software application to collect behavior information;
      
      generating a behavior vector that characterizes the monitored activities based on the collected behavior information; and
      
      applying the behavior vector to a classifier model to generate analysis results.
  - 13. The computing device of claim 12, wherein the processor is configured with processor-executable instructions to perform operations such that applying the behavior vector to the classifier model to generate the analysis results comprises applying the behavior vector to a model of critical activity.
  - 14. The computing device of claim 13, wherein the processor is configured with processor-executable instructions to perform operations such that applying the behavior vector to the model of critical activity comprises applying a multi-dimension vector data structure to the model of critical activity.
  - 15. The computing device of claim 9, wherein:
    - the processor is configured with processor-executable instructions to perform operations further comprising monitoring hardware and software systems of the computing device to learn over time a distinct way in which the user interacts with the computing device; and
      
      the processor is configured with processor-executable instructions to perform operations such that authenticating the user by evaluating the determined number of authentication factors comprises determining whether a behavior of a software application is consistent with the distinct way in which the user interacts with the computing device.
  - 16. The computing device of claim 9, wherein the processor is configured with processor-executable instructions to perform operations such that determining the number of authentication factors that are to be evaluated comprises:
    - performing passive authentication operations to authenticate the user without requiring express user interaction for the purpose of authentication;
      
      determining a passive authentication confidence value that identifies the device level of confidence in an accuracy of the passive authentication operations;
      
      determining a criticality level value that identifies an importance or criticality of a process or software application operating on the computing device;
      
      comparing the passive authentication confidence value to the criticality level value to generate a comparison result that identifies whether a level of confidence in the passive authentication outweighs a level of criticality; and
      
      determining the number of authentication factors that are be evaluated when authenticating the user of the computing device based on the comparison result.

17. A non-transitory computer readable storage medium having stored thereon processor-executable software instructions configured to cause a processor of a computing device to perform operations, comprising:
- determining one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value;
  
  using one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value to determine a number of authentication factors that are be evaluated when authenticating a user of the computing device; and
  
  authenticating the user by evaluating the determined number of authentication factors.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The non-transitory computer readable storage medium of claim 17, wherein the stored processor-executable software instructions are configured to cause a processor to perform operations further comprising:
    - using one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value to determine the authentication factors that are be evaluated when authenticating the user of the computing device.
  - 19. The non-transitory computer readable storage medium of claim 17, wherein the stored processor-executable software instructions are configured to cause a processor to perform operations further comprising:
    - monitoring hardware and software systems to determine the computing device'"'"'s current vulnerability to unauthorized use.
  - 20. The non-transitory computer readable storage medium of claim 17, wherein the stored processor-executable software instructions are configured to cause a processor to perform operations such that determining one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value comprises:
    - monitoring activities of a software application to collect behavior information;
      
      generating a behavior vector that characterizes the monitored activities based on the collected behavior information; and
      
      applying the behavior vector to a classifier model to generate analysis results.
  - 21. The non-transitory computer readable storage medium of claim 20, wherein the stored processor-executable software instructions are configured to cause a processor to perform operations such that applying the behavior vector to the classifier model to generate the analysis results comprises applying the behavior vector to a model of critical activity.
  - 22. The non-transitory computer readable storage medium of claim 21, wherein the stored processor-executable software instructions are configured to cause a processor to perform operations such that applying the behavior vector to the model of critical activity comprises applying a multi-dimension vector data structure to the model of critical activity.
  - 23. The non-transitory computer readable storage medium of claim 17, wherein:
    - the stored processor-executable software instructions are configured to cause a processor to perform operations further comprising monitoring hardware and software systems of the computing device to learn over time a distinct way in which the user interacts with the computing device; and
      
      the stored processor-executable software instructions are configured to cause a processor to perform operations such that authenticating the user by evaluating the determined number of authentication factors comprises determining whether a behavior of a software application is consistent with the distinct way in which the user interacts with the computing device.
  - 24. The non-transitory computer readable storage medium of claim 17, wherein the stored processor-executable software instructions are configured to cause a processor to perform operations such that determining the number of authentication factors that are to be evaluated comprises:
    - performing passive authentication operations to authenticate the user without requiring express user interaction for the purpose of authentication;
      
      determining a passive authentication confidence value that identifies the device level of confidence in an accuracy of the passive authentication operations;
      
      determining a criticality level value that identifies an importance or criticality of a process or software application operating on the computing device;
      
      comparing the passive authentication confidence value to the criticality level value to generate a comparison result that identifies whether a level of confidence in the passive authentication outweighs a level of criticality; and
      
      determining the number of authentication factors that are be evaluated when authenticating the user of the computing device based on the comparison result.

25. A computing device, comprising:
- means for determining one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value;
  
  means for using one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value to determine a number of authentication factors that are be evaluated when authenticating a user of the computing device; and
  
  means for authenticating the user by evaluating the determined number of authentication factors.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The computing device of claim 25, further comprising:
    - means for using one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value to determine the authentication factors that are be evaluated when authenticating the user of the computing device.
  - 27. The computing device of claim 25, further comprising means for monitoring hardware and software systems to determine the computing device'"'"'s current vulnerability to unauthorized use.
  - 28. The computing device of claim 25, wherein means for determining one or more of the transaction type criticality value, the user confidence value, the software integrity confidence value, and the historical behavior value comprises:
    - means for monitoring activities of a software application to collect behavior information;
      
      means for generating a behavior vector that characterizes the monitored activities based on the collected behavior information; and
      
      means for applying the behavior vector to a classifier model to generate analysis results.
  - 29. The computing device of claim 28, wherein means for applying the behavior vector to the classifier model to generate the analysis results comprises means for applying the behavior vector to a model of critical activity.
  - 30. The computing device of claim 29, wherein means for applying the behavior vector to the model of critical activity comprises means for applying a multi-dimension vector data structure to the model of critical activity.
  - 31. The computing device of claim 25, further comprising means for monitoring hardware and software systems of the computing device to learn over time a distinct way in which the user interacts with the computing device, wherein means for authenticating the user by evaluating the determined number of authentication factors comprises means for determining whether a behavior of a software application is consistent with the distinct way in which the user interacts with the computing device.
  - 32. The computing device of claim 25, wherein means for determining the number of authentication factors that are to be evaluated comprises:
    - means for performing passive authentication operations to authenticate the user without requiring express user interaction for the purpose of authentication;
      
      means for determining a passive authentication confidence value that identifies the device level of confidence in an accuracy of the passive authentication operations;
      
      means for determining a criticality level value that identifies an importance or criticality of a process or software application operating on the computing device;
      
      means for comparing the passive authentication confidence value to the criticality level value to generate a comparison result that identifies whether a level of confidence in the passive authentication outweighs a level of criticality; and
      
      means for determining the number of authentication factors that are be evaluated when authenticating the user of the computing device based on the comparison result.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Gupta, Rajarshi, Patne, Satyajit Prabhakar

Granted Patent

US 9,684,775 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/67   Risk-dependent, e.g. select...

H04W 12/68   Gesture-dependent or behavi...

Methods and Systems for Using Behavioral Analysis Towards Efficient Continuous Authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

105 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and Systems for Using Behavioral Analysis Towards Efficient Continuous Authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

105 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links