SYSTEM AND METHOD OF IDENTIFYING POTENTIALLY DANGEROUS DEVICES DURING THE INTERACTION OF A USER WITH BANKING SERVICES

US 20190053053A1
Filed: 09/05/2017
Published: 02/14/2019
Est. Priority Date: 08/10/2017
Status: Active Grant

First Claim

Patent Images

1. A method for identifying potentially dangerous devices during the interaction of a user with banking services, wherein the method comprises:

responsive to detecting an interaction between a user device and banking services, acquiring a digital fingerprint associated with the user device, wherein the digital fingerprint indicates at least one characteristic of the user device;

generating one or more clusters associated with the user device based on the at least one characteristic of the user device, wherein each cluster is associated with a corresponding threat degree; and

responsive to determining that the user device is a threat risk based on the one or more generated clusters, blocking a transaction being carried out between the user device and the banking services during the interaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems and methods for identifying potentially dangerous devices during the interaction of a user with banking services. When there are interactions between a user'"'"'s device(s) and banking services, the described technique acquires a digital fingerprint of the user device. That digital fingerprint indicates at least one characteristic of the user device. Clusters associated with the user device are created based on the at least one characteristic of the user device. Each cluster is associated with a corresponding threat degree. In response to determining that the user device is a threat risk based on the one or more generated clusters, transactions being carried out between the user device and the banking services may be blocked.

Citations

21 Claims

1. A method for identifying potentially dangerous devices during the interaction of a user with banking services, wherein the method comprises:
- responsive to detecting an interaction between a user device and banking services, acquiring a digital fingerprint associated with the user device, wherein the digital fingerprint indicates at least one characteristic of the user device;
  
  generating one or more clusters associated with the user device based on the at least one characteristic of the user device, wherein each cluster is associated with a corresponding threat degree; and
  
  responsive to determining that the user device is a threat risk based on the one or more generated clusters, blocking a transaction being carried out between the user device and the banking services during the interaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - acquiring data related to threat risk states associated with the user device.
  - 3. The method of claim 1, further comprising:
    - calculating each threat degree associated with a corresponding cluster of the one or more clusters, wherein each threat degree indicates a numerical quantity proportional to a frequency of occurrence of a threat risk state.
  - 4. The method of claim 1, wherein determining that the user device is a threat risk based on the one or more generated clusters further comprises:
    - determining that the user device is associated with at least two clusters with threat degrees exceeding a threshold value.
  - 5. The method of claim 1, wherein determining that the user device is a threat risk based on the one or more generated clusters further comprises:
    - determining a first threat degree of a first cluster of the generated clusters;
      
      determining a second threat degree of a second cluster of the generated clusters; and
      
      determining that an average of the first and second threat degrees exceeds the threshold value, wherein the first threat degree does not individually exceed the threshold value.
  - 6. The method of claim 5, wherein the first and second clusters are generated by clusterization of different characteristics of the user device.
  - 7. The method of claim 1, wherein determining that the user device is a threat risk based on the one or more generated clusters further comprises:
    - determining that an average of a product of a first threat degree and an associated weight value and a product of a second threat and an associated weight value exceeds the threshold value.

8. A system for identifying potentially dangerous devices during the interaction of a user with banking services, wherein the system comprises:
- a storage device for storing a database; and
  
  a hardware processor configured to;
  
  responsive to detecting an interaction between a user device and banking services, acquire a digital fingerprint associated with the user device, wherein the digital fingerprint indicates at least one characteristic of the user device;
  
  generate one or more clusters associated with the user device based on the at least one characteristic of the user device, wherein each cluster is associated with a corresponding threat degree; and
  
  responsive to determining that the user device is a threat risk based on the one or more generated clusters, block a transaction being carried out between the user device and the banking services during the interaction.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the generated clusters and associated threat degrees are stored in the database.
  - 10. The system of claim 8, wherein the processor is further configured to:
    - calculate each threat degree associated with a corresponding cluster of the one or more clusters, wherein each threat degree indicates a numerical quantity proportional to a frequency of occurrence of a threat risk state.
  - 11. The system of claim 8, wherein the processor is configured to determine that the user device is a threat risk based on the one or more generated clusters is further configured to:
    - determine that the user device is associated with at least two clusters with threat degrees exceeding a threshold value.
  - 12. The system of claim 8, wherein the processor is configured to determine that the user device is a threat risk based on the one or more generated clusters is further configured to:
    - determine a first threat degree of a first cluster of the generated clusters;
      
      determine a second threat degree of a second cluster of the generated clusters; and
      
      determine that an average of the first and second threat degrees exceeds the threshold value, wherein the first threat degree does not individually exceed the threshold value.
  - 13. The system of claim 12, wherein the first and second clusters are generated by clusterization of different characteristics of the user device.
  - 14. The system of claim 8, wherein the processor is configured to determine that the user device is a threat risk based on the one or more generated clusters is further configured to:
    - determine that an average of a product of a first threat degree and an associated weight value and a product of a second threat and an associated weight value exceeds the threshold value.

15. A non-transitory computer readable medium comprising computer executable instructions for identifying potentially dangerous devices during the interaction of a user with banking services, including instructions for:
- responsive to detecting an interaction between a user device and banking services, acquiring a digital fingerprint associated with the user device, wherein the digital fingerprint indicates at least one characteristic of the user device;
  
  generating one or more clusters associated with the user device based on the at least one characteristic of the user device, wherein each cluster is associated with a corresponding threat degree; and
  
  responsive to determining that the user device is a threat risk based on the one or more generated clusters, blocking a transaction being carried out between the user device and the banking services during the interaction.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer readable medium of claim 15, further comprising instructions for:
    - acquiring data related to threat risk states associated with the user device.
  - 17. The non-transitory computer readable medium of claim 15, further comprising instructions for:
    - calculating each threat degree associated with a corresponding cluster of the one or more clusters, wherein each threat degree indicates a numerical quantity proportional to a frequency of occurrence of a threat risk state.
  - 18. The non-transitory computer readable medium of claim 15, wherein the instructions for determining that the user device is a threat risk based on the one or more generated clusters further comprises instructions for:
    - determining that the user device is associated with at least two clusters with threat degrees exceeding a threshold value.
  - 19. The non-transitory computer readable medium of claim 15, wherein the instructions for determining that the user device is a threat risk based on the one or more generated clusters further comprises instructions for:
    - determining a first threat degree of a first cluster of the generated clusters;
      
      determining a second threat degree of a second cluster of the generated clusters; and
      
      determining that an average of the first and second threat degrees exceeds the threshold value, wherein the first threat degree does not individually exceed the threshold value.
  - 20. The non-transitory computer readable medium of claim 19, wherein the first and second clusters are generated by clusterization of different characteristics of the user device.
  - 21. The non-transitory computer readable medium of claim 15, wherein instructions for determining that the user device is a threat risk based on the one or more generated clusters further comprises instructions for:
    - determining that an average of a product of a first threat degree and an associated weight value and a product of a second threat and an associated weight value exceeds the threshold value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lab A.O. Kaspersky
Original Assignee
Lab A.O. Kaspersky
Inventors
Skvortsov, Vladimir A, Kolotinsky, Evgeny B.

Granted Patent

US 10,511,974 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2101   Auditing as a secondary aspect

G06Q 20/108   Remote banking, e.g. home b...

H04L 2463/102   applying security measure f...

H04L 63/0876   based on the identity of th...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04W 12/08   Access security

SYSTEM AND METHOD OF IDENTIFYING POTENTIALLY DANGEROUS DEVICES DURING THE INTERACTION OF A USER WITH BANKING SERVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD OF IDENTIFYING POTENTIALLY DANGEROUS DEVICES DURING THE INTERACTION OF A USER WITH BANKING SERVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links