System and method for identity consolidation
Abstract
Application-specific and single-sign-on user-authentication credentials are analyzed and consolidated based on commonalities among the credentials and usage of the applications to which they are attributed according to a process whereby a plurality of user-authentication credentials each associated with a different computer application are received; at least a subset of the plurality of user-authentication credentials are associated with each other based on consistencies among the associated authentication credentials and observed application usage patterns attributed to each respective user-authentication credential; an identity signature is created for the individual based on the subset of associated user-authentication credentials; and the identity signature is attributed to the individual.
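An added sketch of the consolidation flow the abstract describes, not code from the patent or its assignee. The trigram name similarity, the same-workstation time-window rule, the thresholds, the SHA-256 signature format and all sample data are assumptions, since the text above does not specify how "consistencies" or the "identity signature" are computed.

```python
import hashlib
import re
from itertools import combinations

# Constructed sample data: (application, login) credentials, one per application account.
CREDS = [("windows", "jsmith"), ("crm", "john.smith"), ("erp", "JSMITH01"),
         ("crm", "mlee"), ("erp", "m.lee")]
# Constructed usage events: (index into CREDS, workstation, minute of day, action).
EVENTS = [(0, "WS-17", 540, "os_login"), (1, "WS-17", 543, "app_login"),
          (2, "WS-17", 551, "open_screen"), (1, "WS-17", 610, "use_function"),
          (2, "WS-17", 612, "app_login"), (3, "WS-42", 545, "app_login"),
          (4, "WS-42", 547, "app_login"), (4, "WS-42", 700, "open_screen"),
          (3, "WS-42", 702, "use_function")]

def credential_similarity(a, b):
    """Assumed consistency measure: Jaccard overlap of letter trigrams of two logins."""
    grams = lambda s: {s[i:i + 3] for i in range(len(s) - 2)} or {s}
    ta, tb = (grams(re.sub(r"[^a-z]", "", x.lower())) for x in (a, b))
    return len(ta & tb) / len(ta | tb)

def consolidate(creds, events, min_sim=0.3, window=15, min_hits=1):
    """Group credentials inferred to belong to one individual (union-find)."""
    parent = list(range(len(creds)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i
    for i, j in combinations(range(len(creds)), 2):
        if creds[i][0] == creds[j][0]:
            continue  # only pair credentials of different applications
        # Usage-pattern consistency: activity on the same workstation close in time.
        hits = sum(1 for c1, h1, t1, _ in events if c1 == i
                   for c2, h2, t2, _ in events
                   if c2 == j and h1 == h2 and abs(t1 - t2) <= window)
        if hits >= min_hits and credential_similarity(creds[i][1], creds[j][1]) >= min_sim:
            parent[find(i)] = find(j)
    groups = {}
    for i, cred in enumerate(creds):
        groups.setdefault(find(i), []).append(cred)
    return list(groups.values())

def identity_signature(group):
    """Stable digest over the sorted credential set of one individual."""
    canon = "|".join(f"{app}:{login.lower()}" for app, login in sorted(group))
    return hashlib.sha256(canon.encode()).hexdigest()[:16]

def identify(app, login, groups):
    """Map a presented credential to its consolidated identity signature, if any."""
    return next((identity_signature(g) for g in groups if (app, login) in g), None)
```

Requiring both a name match and co-located activity keeps a lookalike login on another workstation from being merged into someone else's identity; in practice both thresholds need tuning against shared kiosks and jump hosts.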
29 Claims
1. A method for attributing a plurality of user-authentication credentials to an individual, the method comprising:
- receiving, at an identity server machine, a plurality of user-authentication credentials, each being different from the others and associated with a different computer application;
- inferring association, at the identity server machine, between different ones of the plurality of user-authentication credentials and a single individual, based on consistencies among the associated authentication credentials and observed application usage patterns attributed to each user-authentication credential, the observed application usage comprising one or more of logging into an operating system, logging into an application, using one or more functions within an application and navigating to one or more screens within an application;
- creating, at the identity server machine, an identity signature for the single individual based on the different user-authentication credentials associated with the single individual; and
- identifying, at the identity server machine, the individual based on the identity signature.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15

14. A system for attributing computer system user-authentication credentials to an individual, the system comprising:
- an identity server machine comprising:
  - an identity signature data store for storing user-authentication credentials in connection with a plurality of different computer applications, the user-authentication credentials being different from each other; and
  - a mapping module for
    (i) inferring association between different ones of the user-authentication credentials and a single individual, the association being inferred based on consistencies among the user-authentication credentials and observed application usage patterns attributed to each respective user-authentication credential, wherein the observed application usage comprises one or more of logging into an operating system, logging into an application, using one or more functions within an application and navigating to one or more screens within an application; and
    (ii) creating a single user signature for the individual based on the association.

Dependent claims: 16, 17

18. An article of manufacture having non-transitory computer-readable program portions embodied thereon for attributing user-authentication credentials to an individual, the article comprising computer-readable instructions for:
- receiving, at an identity server machine, a plurality of user-authentication credentials, each being different from the others and associated with a different computer application;
- inferring association, at the identity server machine, between different ones of the plurality of user-authentication credentials and a single individual, based on consistencies among the associated authentication credentials and observed application usage patterns attributed to each user-authentication credential, the observed application usage comprising one or more of logging into an operating system, logging into an application, using one or more functions within an application and navigating to one or more screens within an application;
- creating, at the identity server machine, an identity signature for the single individual based on the different user-authentication credentials associated with the single individual; and
- identifying, at the identity server machine, the individual based on the identity signature.

19. A method for attributing user-authentication credentials to an individual, the method comprising:
- receiving at an identity server machine a plurality of user-authentication credentials each being different from the others and associated with a different computer application;
- monitoring activities attributed to each respective user-authentication credential;
- inferring association between different ones of the plurality of user-authentication credentials and a single individual, based on consistencies among the associated authentication credentials and observed application usage patterns attributed to each user-authentication credential, the observed application usage comprising one or more of logging into an operating system, logging into an application, using one or more functions within an application and navigating to one or more screens within an application; and
- based on the monitored activities and the inferred association, and notwithstanding the differences among the user-authentication credentials, determining at the identity server machine whether a likelihood that a new activity is associated with a single user exceeds a predetermined threshold.

Dependent claims: 20, 21, 22

23. A method of detecting shared usage of user-authentication credentials, the method comprising:
- receiving, at an identity server machine, a plurality of requests for access to a secure resource, each request comprising one or more user-authentication credentials attributed to a different user;
- constructing, at the identity server machine, a request profile for each request based at least in part on the provided user-authentication credentials;
- inferring association, at the identity server machine, between different ones of the plurality of request profiles and a single set of user-authentication credentials, based on consistencies among the associated authentication credentials and observed application usage patterns attributed to each user-authentication credential, the observed application usage comprising one or more of logging into an operating system, logging into an application, using one or more functions within an application and navigating to one or more screens within an application; and
- identifying, at the identity server machine and based on the inferred association, identical user-authentication credentials received in two or more of the requests having different request profiles, thereby detecting shared usage of the identical user-authentication credentials.

Dependent claims: 24, 25, 26, 27, 28, 29

Specification