Behavior based identity system

US 9,053,307 B1
Filed: 07/23/2012
Issued: 06/09/2015
Est. Priority Date: 07/23/2012
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying an identity management program executable in a computing device, comprising:

code that stores, in a memory, a preconfigured sequence of behavioral events specified by an authenticated user in association with a user identity;

code that, in response to receiving an assertion of the user identity from a client and receiving behavior verification data created by a server associated with a first network site, performs a comparison between a plurality of behavioral events and the preconfigured sequence of behavioral events associated with the user identity, the behavior verification data recording the plurality of behavioral events expressed by the client relative to a resource of the first network site, the plurality of behavioral events corresponding to at least one of;

a client-side behavior relative to a rendered resource obtained from the first network site, a particular search query being executed in the first network site, a particular item being purchased in the first network site, or a particular resource being accessed;

code that generates an identity confidence level as to whether the user identity belongs to a user at the client based at least in part on the comparison; and

code that authenticates the user at the client to access a secured resource of a second network site in response to determining that the identity confidence level meets a threshold.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for a behavior-based identity system that recognizes and/or authenticates users based at least in part on stored behavioral events which have been observed previously or have been preconfigured. Multiple behavioral events expressed by a client relative to multiple resources of a network site are observed. The behavioral events correspond to data that a user has elected to share, and the user may opt-in or opt-out of the behavior-based identity system. A comparison is performed between the observed behavioral events and multiple stored behavioral events associated with a user identity. An identity confidence level as to whether the user identity belongs to a user at the client is generated based at least in part on the comparison.

Citations

25 Claims

1. A non-transitory computer-readable medium embodying an identity management program executable in a computing device, comprising:
- code that stores, in a memory, a preconfigured sequence of behavioral events specified by an authenticated user in association with a user identity;
  
  code that, in response to receiving an assertion of the user identity from a client and receiving behavior verification data created by a server associated with a first network site, performs a comparison between a plurality of behavioral events and the preconfigured sequence of behavioral events associated with the user identity, the behavior verification data recording the plurality of behavioral events expressed by the client relative to a resource of the first network site, the plurality of behavioral events corresponding to at least one of;
  
  a client-side behavior relative to a rendered resource obtained from the first network site, a particular search query being executed in the first network site, a particular item being purchased in the first network site, or a particular resource being accessed;
  
  code that generates an identity confidence level as to whether the user identity belongs to a user at the client based at least in part on the comparison; and
  
  code that authenticates the user at the client to access a secured resource of a second network site in response to determining that the identity confidence level meets a threshold.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the server comprises a first server, the plurality of behavioral events comprises a first plurality of behavioral events, and the comparison comprises a first comparison, and further comprising:
    - code that, in response to receiving behavior verification data created by a second server associated with a third network site, performs a second comparison between a second plurality of behavioral events and the preconfigured sequence of behavioral events associated with the user identity, the behavior verification data created by the second server recording the second plurality of behavioral events expressed by the client relative to a resource of the third network site; and
      
      wherein the code that generates the identity confidence level is further configured to generate the identity confidence level based at least in part on the second comparison.
  - 3. The non-transitory computer-readable medium of claim 1, wherein the behavior verification data is obtained from the server.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the behavior verification data is obtained from the client.
  - 5. The non-transitory computer-readable medium of claim 1, wherein the assertion of the user identity includes a correct password for the user identity.

6. A system, comprising:
- at least one computing device comprising a processor and a memory; and
  
  an identity management system executable in the at least one computing device, the identity management system comprising;
  
  logic that, in response to receiving a user specification of a preconfigured sequence of behavioral events, stores the preconfigured sequence of behavioral events in a memory in association with a user identity;
  
  logic that observes a plurality of behavioral events expressed by a client relative to a plurality of resources of a network site;
  
  logic that performs a comparison between the plurality of behavioral events and the preconfigured sequence of behavioral events associated with the user identity;
  
  logic that generates an identity confidence level as to whether the user identity belongs to a user at the client based at least in part on the comparison; and
  
  logic that authenticates the user at the client as having the user identity in response to determining that the identity confidence level meets a threshold.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 7. The system of claim 6, wherein the identity management system further comprises:
    - logic that tracks authenticated user behavior in a plurality of authenticated user sessions associated with the user identity to generate at least one of the preconfigured sequence of behavioral events; and
      
      wherein the logic that tracks authenticated user behavior is configured to track the authenticated user behavior when a tracking permission is enabled by an authenticated user having the user identity.
  - 8. The system of claim 6, wherein the comparison between the plurality of behavioral events and the preconfigured sequence of behavioral events is performed in response to receiving an assertion of the user identity from the client.
  - 9. The system of claim 8, wherein the assertion of the user identity includes a correct security credential for the user identity.
  - 10. The system of claim 8, wherein the assertion of the user identity is obtained from a cookie stored by the client, from a form submission by the client, or from a uniform resource locator (URL) accessed by the client.
  - 11. The system of claim 6, wherein the identity management system further comprises logic that determines an inverse identity confidence level as to whether the user identity does not belong to the user at the client based at least in part on the comparison.
  - 12. The system of claim 6, wherein the plurality of behavioral events includes a client-side behavioral event relative to a rendered resource of the network site, and the logic that observes is configured to obtain the client-side behavioral event from monitoring code executed in the client.
  - 13. The system of claim 12, wherein the client-side behavioral event corresponds to a typing characteristic of the user or a scrolling characteristic of the user.
  - 14. The system of claim 6, wherein one of the behavioral events corresponds to executing a search with a particular search query on the network site.
  - 15. The system of claim 6, wherein one of the behavioral events corresponds to accessing a particular network page on the network site.
  - 16. The system of claim 6, wherein one of the behavioral events corresponds to adding a particular item to a list of items.
  - 17. The system of claim 6, wherein the preconfigured sequence of behavioral events is specified by an authenticated user having the user identity.
  - 18. The system of claim 6, wherein the plurality of behavioral events are expressed by the client relative to the resources of a plurality of network sites, and the logic that observes is configured to obtain behavior verification data created by a server associated with one of the network sites.
  - 19. The system of claim 6, wherein the logic that performs the comparison is configured to determine whether the plurality of behavioral events match a specific sequence of the preconfigured sequence of behavioral events.
  - 20. The system of claim 6, wherein the identity management system further comprises logic that recognizes the user at the client as potentially having the user identity in response to determining that the identity confidence level meets an intermediate threshold which is lesser than the threshold.

21. A method implemented by an identity management system, the method comprising:
- receiving, via at least one of one or more computing devices comprising a processor and memory, an assertion of a user identity from a client;
  
  determining, via at least one of the one or more computing devices, a stored sequence of resources associated with the user identity, the stored sequence of resources being preconfigured by an authenticated user corresponding to the user identity;
  
  monitoring, via at least one of the one or more computing devices, a sequence of resources accessed by the client from a network site;
  
  performing, via at least one of the one or more computing devices, a comparison of the sequence of resources accessed by the client and the stored sequence of resources;
  
  generating, via at least one of the one or more computing devices, an identity confidence level as to whether the user identity belongs to a user at the client based at least in part on the comparison; and
  
  authenticating, via at least one of the one or more computing devices, the user at the client as having the user identity in response to determining that the identity confidence level meets a threshold.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The method of claim 21, further comprising determining, via at least one of the one or more computing devices, an inverse identity confidence level as to whether the user identity does not belong to the user at the client based at least in part on the comparison.
  - 23. The method of claim 21, wherein the sequence of resources includes adding a particular item to a shopping list or a wish list on the network site.
  - 24. The method of claim 21, wherein the sequence of resources includes accessing a particular network page from the network site.
  - 25. The method of claim 21, further comprising granting, via at least one of the one or more computing devices, access to a secured resource in response to determining that the identity confidence level meets the threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Johansson, Jesper M., Stathakopoulos, George N.
Primary Examiner(s)
Cervetti, David Garca
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US13/555,724
Time in Patent Office

1,051 Days
Field of Search

705/14.25, 705/26.35, 705/75, 705/67, 705/14.26, 726 2- 7, 726/21, 726/27, 713/182, 713/185, 713/168, 709/229
US Class Current

1/1
CPC Class Codes

G06F 21/316   by observing the pattern of...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

Behavior based identity system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Behavior based identity system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links