Techniques for authenticating users of massive multiplayer online role playing games using adaptive authentication

US 8,370,389 B1
Filed: 03/31/2010
Issued: 02/05/2013
Est. Priority Date: 03/31/2010
Status: Active Grant

First Claim

Patent Images

1. An adaptive authentication server to authenticate a user of a massive multiplayer online role playing game (MMORPG), the adaptive authentication server comprising:

an interface;

a user database; and

a controller coupled to the interface and the database, the controller comprising processing circuitry to execute an authentication program, the controller being constructed and arranged to;

store user information describing a MMORPG user in the user database based on a set of first transmissions received from a game provider of the MMORPG through the interface,receive a second transmission from the game provider through the interface, the second transmission including an authentication request to authenticate the MMORPG user, andproviding, through the interface, a response transmission to the game provider in response to the second transmission, the response transmission including an authentication result based on an adaptive authentication operation involving the user database, the authentication result controlling whether the game provider provides the MMORPG user with current access to the MMORPG,wherein the set of first transmissions received from the game provider of the MMORPG includes user data collected from the MMORPG user by the game provider while the game provider previously provided the MMORPG user with access to the MMORPG; and

wherein the controller, when storing the user information describing the MMORPG user in the user database, is constructed and arranged to populate a set of user attribute fields with information which is specific to the MMORPG user based on the user data collected from the MMORPG user by the game provider, the information populated in the set of user attribute fields forming at least a portion of a current user profile of the MMORPG user,wherein the controller, when providing the response transmission to the game provider in response to the second transmission, is constructed and arranged to;

generate a risk score based, at least in part, on the information populated in the set of user attribute fields, andgive the authentication result (i) a first access value to grant current access to the MMORPG when the risk score is lower than a predetermined risk threshold, and (ii) a second access value to deny current access to the MMORPG when the risk score is higher than the predetermined risk thresholdwherein the set of user attribute fields includes a previous user address field which stores a previous user address of the MMORPG user; and

wherein the controller, when generating the risk score, is constructed and arranged to compare the previous user address of the MMORPG user to a current user address contained within the second transmission from the game provider to obtain a numerical intermediate risk result.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique authenticates a user of a massively multiplayer online role playing game (MMORPG). The technique involves establishing a user database containing user information describing the MMORPG user based on a set of first transmissions received from a game provider of the MMORPG. The technique further involves (i) receiving a second transmission from the game provider, the second transmission including an authentication request to authenticate the MMORPG user, and (ii) providing a response transmission to the game provider in response to the second transmission. The response transmission includes an authentication result based on an adaptive authentication operation involving the user database. The authentication result controls whether the game provider provides the MMORPG user with current access to the MMORPG.

51 Citations

View as Search Results

15 Claims

1. An adaptive authentication server to authenticate a user of a massive multiplayer online role playing game (MMORPG), the adaptive authentication server comprising:
- an interface;
  
  a user database; and
  
  a controller coupled to the interface and the database, the controller comprising processing circuitry to execute an authentication program, the controller being constructed and arranged to;
  
  store user information describing a MMORPG user in the user database based on a set of first transmissions received from a game provider of the MMORPG through the interface,receive a second transmission from the game provider through the interface, the second transmission including an authentication request to authenticate the MMORPG user, andproviding, through the interface, a response transmission to the game provider in response to the second transmission, the response transmission including an authentication result based on an adaptive authentication operation involving the user database, the authentication result controlling whether the game provider provides the MMORPG user with current access to the MMORPG,wherein the set of first transmissions received from the game provider of the MMORPG includes user data collected from the MMORPG user by the game provider while the game provider previously provided the MMORPG user with access to the MMORPG; and
  
  wherein the controller, when storing the user information describing the MMORPG user in the user database, is constructed and arranged to populate a set of user attribute fields with information which is specific to the MMORPG user based on the user data collected from the MMORPG user by the game provider, the information populated in the set of user attribute fields forming at least a portion of a current user profile of the MMORPG user,wherein the controller, when providing the response transmission to the game provider in response to the second transmission, is constructed and arranged to;
  
  generate a risk score based, at least in part, on the information populated in the set of user attribute fields, andgive the authentication result (i) a first access value to grant current access to the MMORPG when the risk score is lower than a predetermined risk threshold, and (ii) a second access value to deny current access to the MMORPG when the risk score is higher than the predetermined risk thresholdwherein the set of user attribute fields includes a previous user address field which stores a previous user address of the MMORPG user; and
  
  wherein the controller, when generating the risk score, is constructed and arranged to compare the previous user address of the MMORPG user to a current user address contained within the second transmission from the game provider to obtain a numerical intermediate risk result.
- View Dependent Claims (2, 3)
- - 2. A adaptive authentication server as in claim 1 wherein the controller, when storing the user information describing the MMORPG user in the user database, is further constructed and arranged to populate a set of user behavior fields with user statistic information which is specific to the MMORPG user based on the user data collected from the MMORPG user by the game provider, the statistic information populated in the set of user behavior fields forming at least a portion of the current user profile of the MMORPG user;
    - andwherein the controller is further constructed and arranged to;
      
      receive additional user statistic data collected from the MMORPG user by the game provider at a recent MMORPG play session of the user,compare the statistic information populated in the set of user behavior fields with the additional user statistic data,generate a risk score based, at least in part, on the comparison, andprovide the MMORPG a risk report to the game provider, the risk report indicating whether a critical user behavior deviation exists in the recent MMORPG play session of the user.
  - 3. The method according to claim 1, wherein the game provider is remote from a user device and the controller.

4. A computer program product which includes a computer readable non-transitory storage medium storing instructions which, when executed on a computer, cause the computer to authenticate a user of a massive multiplayer online role playing game (MMORPG), the instructions including:
- instructions to establish a user database containing user information describing a MMORPG user based on a set of first transmissions received from a game provider of the MMORPG;
  
  instructions to receive a second transmission from the game provider, the second transmission including an authentication request to authenticate the MMORPG user; and
  
  instructions to provide a response transmission to the game provider in response to the second transmission, the response transmission including an authentication result based on an adaptive authentication operation involving the user database, the authentication result controlling whether the game provider provides the MMORPG user with current access to the MMORPG,wherein the set of first transmissions received from the game provider of the MMORPG includes user data collected from the MMORPG user by the game provider while the game provider previously provided the MMORPG user with access to the MMORPG; and
  
  wherein the controller, when storing the user information describing the MMORPG user in the user database, is constructed and arranged to populate a set of user attribute fields with information which is specific to the MMORPG user based on the user data collected from the MMORPG user by the game provider, the information populated in the set of user attribute fields forming at least a portion of a current user profile of the MMORPG user,wherein the controller, when providing the response transmission to the game provider in response to the second transmission, is constructed and arranged to;
  
  generate a risk score based, at least in part, on the information populated in the set of user attribute fields, andgive the authentication result (i) a first access value to grant current access to the MMORPG when the risk score is lower than a predetermined risk threshold, and (ii) a second access value to deny current access to the MMORPG when the risk score is higher than the predetermined risk threshold,wherein the set of user attribute fields includes a previous user address field which stores a previous user address of the MMORPG user; and
  
  wherein the controller, when generating the risk score, is constructed and arranged to compare the previous user address of the MMORPG user to a current user address contained within the second transmission from the game provider to obtain a numerical intermediate risk result.

5. A method of authenticating a user of a massive multiplayer online role playing game (MMORPG), the method comprising:
- based on a set of first transmissions received from a game provider of the MMORPG, establishing a user database containing user information describing a MMORPG user;
  
  receiving a second transmission from the game provider, the second transmission including an authentication request to authenticate the MMORPG user; and
  
  providing a response transmission to the game provider in response to the second transmission, the response transmission including an authentication result based on an adaptive authentication operation involving the user database, the authentication result controlling whether the game provider provides the MMORPG user with current access to the MMORPG,wherein the set of first transmissions received from the game provider of the MMORPG includes user data collected from the MMORPG user by the game provider while the game provider previously provided the MMORPG user with access to the MMORPG; and
  
  wherein establishing the user database containing the user information includes populating a set of user attribute fields with information which is specific to the MMORPG user based on the user data collected from the MMORPG user by the game provider, the information populated in the set of user attribute fields forming at least a portion of a current user profile of the MMORPG user,wherein providing the response transmission to the game provider in response to the second transmission includes;
  
  generating a risk score based, at least in part, on the information populated in the set of user attribute fields, andgiving the authentication result (i) a first access value to grant current access to the MMORPG when the risk score is greater than a predetermined risk threshold, and (ii) a second access value to deny current access to the MMORPG when the risk score is less than the predetermined risk threshold,wherein the set of user attribute fields includes a previous user address field which stores a previous user address of the MMORPG user; and
  
  wherein generating the risk score includes comparing the previous user address of the MMORPG user to a current user address contained within the second transmission from the game provider to obtain a numerical intermediate risk result.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 6. A method as in claim 5 wherein the previous user address is a device specific identifier of an electronic device used by user when the user previously accessed the MMORPG;
    - andwherein the current user address is a current device specific identifier that the game provider obtained during a user login session.
  - 7. A method as in claim 5 wherein the previous user address is an Internet Service Provider (ISP) address through which the user previously accessed the MMORPG;
    - andwherein the current user address is a current ISP address that the game provider obtained during a user login session.
  - 8. A method as in claim 5 wherein the previous user address is a WiFi identified geographic location from which the user previously accessed the MMORPG;
    - andwherein the current user address is a current WiFi identified geographic location that the game provider obtained during a user login session.
  - 9. A method as in claim 5 wherein the set of user attribute fields includes a previous token field which stores a previous token stored in a tracking cookie in an electronic device used by the MMORPG user;
    - andwherein generating the risk score includes comparing the previous token of the MMORPG user to a current token contained within the second transmission from the game provider to obtain a second numerical intermediate risk result.
  - 10. A method as in claim 5 wherein establishing the user database containing the user information further includes populating a set of user behavior fields with user statistic information which is specific to the MMORPG user based on the user data collected from the MMORPG user by the game provider, the statistic information populated in the set of user behavior fields forming at least a portion of the current user profile of the MMORPG user;
    - andwherein the method further comprises;
      
      receiving additional user statistic data collected from the MMORPG user by the game provider at a recent MMORPG play session of the user,comparing the statistic information populated in the set of user behavior fields with the additional user statistic data,generating a risk score based, at least in part, on the comparison, andproviding the MMORPG a risk report to the game provider, the risk report indicating whether a critical user behavior deviation exists in the recent MMORPG play session of the user.
  - 11. A method as in claim 10 wherein the statistic information populated in the set of user behavior fields includes an average length of play;
    - wherein the additional user statistic data collected from the MMORPG user by the game provider at the recent MMORPG play session includes a recent length of play for that recent MMORPG play session; and
      
      wherein generating the risk score includes providing (i) a high risk score indicating a high risk when the recent length of play exceeds the average length of play by a predefined time-length threshold, and (ii) a low risk score indicating a low risk when the recent length of play does not exceed the average length of play by the predefined time-length threshold.
  - 12. A method as in claim 10 wherein the statistic information populated in the set of user behavior fields includes an average speed of play based on a predefined activity frequency;
    - wherein the additional user statistic data collected from the MMORPG user by the game provider at the recent MMORPG play session includes a recent speed of play for that recent MMORPG play session, the recent speed of play being based on the predefined activity frequency; and
      
      wherein generating the risk score includes providing (i) a high risk score indicating a high risk when the deviation between the average speed of play and the recent speed of play is large, and (ii) a low risk score indicating a low risk when the deviation between the average speed of play and the recent speed of play is small.
  - 13. A method as in claim 10 wherein the statistic information populated in the set of user behavior fields includes an average time of day of play;
    - wherein the additional user statistic data collected from the MMORPG user by the game provider at the recent MMORPG play session includes a recent time of day of play for that recent MMORPG play session; and
      
      wherein generating the risk score includes providing (i) a high risk score indicating a high risk when the recent time of day of play exceeds the average time of day of play by a predefined time-of-day threshold, and (ii) a low risk score indicating a low risk when the recent time of day of play does not exceed the average time of day of play by the predefined time-of-day threshold.
  - 14. A method as in claim 10 wherein the statistic information populated in the set of user behavior fields includes an average microtransaction purchase amount;
    - wherein the additional user statistic data collected from the MMORPG user by the game provider at the recent MMORPG play session includes a recent microtransaction purchase amount for that recent MMORPG play session; and
      
      wherein generating the risk score includes providing (i) a high risk score indicating a high risk when the recent microtransaction purchase amount exceeds the average microtransaction purchase amount by a predefined purchase amount threshold, and (ii) a low risk score indicating a low risk when the recent microtransaction purchase amount does not exceed the average microtransaction purchase amount by the predefined purchase amount threshold.
  - 15. A method as in claim 10 wherein the risk report includes risk scores for multiple users of the MMORPG;
    - andwherein providing the MMORPG the risk report to the game provider includes conveying the risk scores for the multiple users of the MMORPG to the game provider to identify potential user fraud in the MMORPG.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Dotan, Yedidya
Primary Examiner(s)
Wilson, Kimberly
Assistant Examiner(s)
Liu, Hexing

Application Number

US12/751,057
Time in Patent Office

1,042 Days
Field of Search

707/793, 707/796, 707/781, 707/694, 707/783, 707/784
US Class Current

707/784
CPC Class Codes

A63F 13/216   using geographical informat...

A63F 13/327   using wireless networks, e....

A63F 13/71   using secure communication ...

A63F 13/79   involving player-related da...

A63F 13/822   Strategy games; Role-playin...

A63F 2300/401   Secure communication, e.g. ...

A63F 2300/532   using secure communication,...

A63F 2300/5573   player location

G06F 21/43   wireless channels

G06F 2221/2103   Challenge-response

Techniques for authenticating users of massive multiplayer online role playing games using adaptive authentication

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Techniques for authenticating users of massive multiplayer online role playing games using adaptive authentication

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others