Implicit authentication
First Claim
1. A method for implicitly authenticating a user to access a controlled resource, the method comprising:
- receiving, from a computing device, a request to access the controlled resource;
- selecting a user behavior model for the user, wherein the user behavior model is derived from historical contextual data of the user;
- determining recent contextual data of the user, wherein the recent contextual data are collected from one or more user devices without prompting the user to perform an action associated with authentication, and wherein the recent contextual data comprise a plurality of data streams which provide a basis for determining whether the user owns the computing device;
- determining a user behavior score which indicates a likelihood that the user owns the computing device, wherein determining the user behavior score involves:
  - observing a recent event that is associated with the user's computing device;
  - calculating a quality measure for the recent event, and a weight associated with a type of the observation;
  - determining that the observed recent event is consistent with the user behavior model; and
  - adjusting the user behavior score based on the quality measure and the weight; and
- providing the user behavior score to an access controller of the controlled resource, wherein the access controller facilitates access to the controlled resource for the user in response to the user behavior score exceeding a predetermined threshold value.
Abstract
Embodiments of the present disclosure provide a method and system for implicitly authenticating a user to access controlled resources. The system receives a request to access the controlled resources. The system then determines a user behavior score based on a user behavior model, and recent contextual data about the user. The user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern. The recent contextual data, which comprise a plurality of data streams, are collected from one or more user devices without prompting the user to perform an action explicitly associated with authentication. The plurality of data streams provide a basis for determining the user behavior score, but a data stream alone provides insufficient basis for the determination of the user behavior score. The system also provides the user behavior score to an access controller of the controlled resource.
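The scoring steps of claim 1, together with the abstract's point that no single data stream suffices, as an added sketch that is not code from the patent. The weights, the threshold, the frequency-based consistency rule, the subtraction for inconsistent events and the per-stream cap are all assumptions, since the claims and abstract give no formulas; the sample data is constructed.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumed numbers: the claims name a per-type weight and a threshold but give no values.
WEIGHTS = {"location": 0.4, "call": 0.3, "wifi": 0.2}
THRESHOLD = 0.5

@dataclass
class Event:
    stream: str     # data stream (observation type) that produced the event
    value: str      # what was observed, e.g. a place or a contact
    quality: float  # 0..1 quality measure of this observation (assumed scale)

def build_model(history):
    """Behavior model from historical data: relative frequency of each value per stream."""
    counts = defaultdict(Counter)
    for stream, value in history:
        counts[stream][value] += 1
    return {s: {v: n / sum(c.values()) for v, n in c.items()} for s, c in counts.items()}

def is_consistent(model, ev, min_freq=0.2):
    """Assumed rule: an event is consistent if its value was seen often enough before."""
    return model.get(ev.stream, {}).get(ev.value, 0.0) >= min_freq

def behavior_score(model, events):
    """Adjust the score by quality * weight per event; inconsistent events subtract (assumed)."""
    per_stream = defaultdict(float)
    for ev in events:
        delta = ev.quality * WEIGHTS.get(ev.stream, 0.0)
        per_stream[ev.stream] += delta if is_consistent(model, ev) else -delta
    # Cap each stream at its weight so one stream alone can never reach THRESHOLD.
    total = sum(max(-WEIGHTS.get(s, 0.0), min(WEIGHTS.get(s, 0.0), v))
                for s, v in per_stream.items())
    return max(0.0, min(1.0, total))

def access_allowed(score):
    return score > THRESHOLD  # access controller: score must exceed the threshold

# Constructed sample data: one user's history and three sets of recent events.
HISTORY = ([("location", "home")] * 8 + [("location", "office")] * 2 + [("call", "alice")] * 5
           + [("call", "bob")] * 5 + [("wifi", "home-ap")] * 10)
MODEL = build_model(HISTORY)
OWNER = [Event("location", "home", 0.9), Event("call", "alice", 1.0), Event("wifi", "home-ap", 0.5)]
ONE_STREAM = [Event("location", "home", 1.0)] * 3
STRANGER = [Event("location", "airport", 0.9), Event("call", "unknown", 1.0)]

if __name__ == "__main__":
    for name, evs in [("owner", OWNER), ("one stream", ONE_STREAM), ("stranger", STRANGER)]:
        s = behavior_score(MODEL, evs)
        print(name, round(s, 2), access_allowed(s))
```

Because the largest weight is below the threshold and each stream is capped at its weight, repeated good observations from one stream cannot pass the access check on their own.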
23 Claims
12. A system for implicitly authenticating a user to access a controlled resource, the system comprising:
- a user access request receiver configured to receive a request, from a computer device, to access the controlled resource;
- a selection mechanism configured to select a user behavior model for the user, wherein the user behavior model is derived from historical context data of the user;
- a determination mechanism configured to determine recent contextual data of the user, wherein the recent contextual data are collected from one or more user devices without prompting the user to perform an action associated with authentication, and wherein the recent contextual data comprise a plurality of data streams which provide a basis for determining whether the user owns the computing device;
- a behavioral score grader configured to determine a user behavior score which indicates a likelihood that the user owns the computing device, wherein while determining the user behavior score the behavioral score grader is further configured to:
  - observe a recent event that is associated with the user's computing device;
  - calculate a quality measure for the recent event, and a weight associated with a type of the observation;
  - determine that the observed recent event is consistent with the user behavior model; and
  - adjust the user behavior score based on the quality measure and the weight; and
- an authentication information provision mechanism configured to provide the user behavior score to an access controller of the controlled resource, wherein the access controller is configured to facilitate access to the controlled resource for the user in response to the user behavior score exceeding a predetermined threshold value.
23. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for implicitly authenticating a user to access a controlled resource, the method comprising:
- receiving a request, from a computer device, to access the controlled resource;
- selecting a user behavior model for the user, wherein the user behavior model is derived from historical contextual data of the user;
- determining recent contextual data of the user, wherein the recent contextual data are collected from one or more user devices without prompting the user to perform an action associated with authentication, and wherein the recent contextual data comprise a plurality of data streams which provide a basis for determining whether the user owns the computing device;
- determining a user behavior score which indicates a likelihood that the user owns the computing device, wherein determining the user behavior score involves:
  - observing a recent event that is associated with the user's computing device;
  - calculating a quality measure for the recent event, and a weight associated with a type of the observation;
  - determining that the observed recent event is consistent with the user behavior model; and
  - adjusting the user behavior score based on the quality measure and the weight; and
- providing the user behavior score to an access controller of the controlled resource, wherein the access controller facilitates access to the controlled resource for the user in response to the user behavior score exceeding a predetermined threshold value.
Specification