Using packet interception to integrate risk-based user authentication into online services
First Claim
Patent Images
1. A method, performed by a network analyzer device connected to a network, the method comprising:
- sniffing packets traversing the network between a web-based application server and a user machine, the user machine being operated by a user;
analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server; and
sending the extracted event information to an authentication server for risk-based authentication of the user;
wherein;
analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server includes examining the sniffed packets to detect specific interaction events that occur between the user machine and the web-based application server at an application layer;
the specific interaction events include events drawn from a set of application-layer events;
the authentication server is configured to perform risk-based authentication of the user by analyzing the specific interaction events drawn from the set of application-layer events; and
the web-based application server provides a secure online banking service to the user as the web-based application.
9 Assignments
0 Petitions
Accused Products
Abstract
Techniques for using a network analyzer device connected to a network include (a) sniffing packets traversing the network between a web-based application server and a user machine, the user machine being operated by a user, (b) analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server, and (c) sending the extracted event information to an authentication server for risk-based authentication of the user.
-
Citations
22 Claims
-
1. A method, performed by a network analyzer device connected to a network, the method comprising:
-
sniffing packets traversing the network between a web-based application server and a user machine, the user machine being operated by a user; analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server; and sending the extracted event information to an authentication server for risk-based authentication of the user; wherein; analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server includes examining the sniffed packets to detect specific interaction events that occur between the user machine and the web-based application server at an application layer; the specific interaction events include events drawn from a set of application-layer events; the authentication server is configured to perform risk-based authentication of the user by analyzing the specific interaction events drawn from the set of application-layer events; and the web-based application server provides a secure online banking service to the user as the web-based application. - View Dependent Claims (2, 3, 4, 5, 6, 8)
-
-
7. A method, performed by a network analyzer device connected to a network, the method comprising:
-
sniffing packets traversing the network between a web-based application server and a user machine, the user machine being operated by a user; analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server; and sending the extracted event information to an authentication server for risk-based authentication of the user; wherein; analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server includes examining the sniffed packets to detect specific interaction events that occur between the user machine and the web-based application server at an application layer; the specific interaction events include events drawn from a set of application-layer events including; the user logging in to the web-based application server; the user changing a login password; and the user changing a user e-mail address; and the authentication server is configured to perform risk-based authentication of the user by analyzing the specific interaction events drawn from the set of application-layer events; the method further comprises; analyzing the sniffed packets to extract ancillary information from a networking layer below the application-layer, the ancillary information relating to the detected specific interaction events between the user machine and the web-based application server; and sending the extracted ancillary information to the authentication server for risk-based authentication of the user in connection with the extracted event information; and analyzing the sniffed packets to extract ancillary information from the networking layer below the application-layer includes detecting specific ancillary information from the networking layer below the application-layer drawn from a set of data including; packet size; clock skew between packets; number of simultaneous sessions operated by the user; browser type used by the user; operating system type used by the user; and time interval between service of a web-page by the web-based application server and response by the user machine.
-
-
9. A computer program product comprising a non-transitory tangible computer-readable storage medium, the tangible computer-readable storage medium storing instructions, which, when performed by a computing device, cause the computing device to perform the operations of:
-
sniffing packets traversing a network between a web-based application server and a user machine, the user machine being operated by a user; analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server; and sending the extracted event information to an authentication server for risk-based authentication of the user; wherein; the instructions direct the computer to, when analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server, examine the sniffed packets to detect specific interaction events that occur between the user machine and the web-based application server at an application-layer, wherein the specific interaction events include events drawn from a set of application-layer events; the authentication server is configured to perform risk-based authentication of the user by analyzing the specific interaction events drawn from the set of application-layer events; and the web-based application server provides a secure online banking service to the user as the web-based application. - View Dependent Claims (10, 11, 12, 13, 19, 20)
-
-
14. A network analyzer device comprising:
-
a processor; means for sniffing packets traversing a network; and memory, the memory storing instructions, which, when performed by the processor, cause the processor to perform the operations of; directing the packet sniffing means to sniff packets traversing the network between a web-based application server and a user machine, the user machine being operated by a user; analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server; and sending the extracted event information to an authentication server for risk-based authentication of the user; wherein; the instructions direct the processor to, when analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server, examine the sniffed packets to detect specific interaction events that occur between the user machine and the web-based application server at an application-layer, wherein the specific interaction events include events drawn from a set of application-layer events; the authentication server is configured to perform risk-based authentication of the user by analyzing the specific interaction events drawn from the set of application-layer events; and the web-based application server provides a secure online banking service to the user as the web-based application. - View Dependent Claims (15, 16, 17, 21, 22)
-
-
18. A system comprising:
-
a network gateway device, configured to connect a remote user machine to a network; a web-based application server, connected to the network, the web-based application server being configured to provide, across the network gateway device, a web-based application service to a user operating the user machine; and a network analyzer device, connected to the network gateway device, the network analyzer device configured to; sniff packets traversing the network gateway device between the web-based application server and the user machine; analyze the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server; and send the extracted event information to an authentication server for risk-based authentication of the user; wherein; analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server includes examining the sniffed packets to detect specific interaction events that occur between the user machine and the web-based application server at an application layer; the specific interaction events include events drawn from a set of application-layer events; the authentication server is configured to perform risk-based authentication of the user by analyzing the specific interaction events drawn from the set of application-layer events; and the web-based application server provides a secure online banking service to the user as the web-based application.
-
Specification