Continuous user authentication tool for mobile device communications

US 9,392,460 B1
Filed: 01/02/2016
Issued: 07/12/2016
Est. Priority Date: 01/02/2016
Status: Active Grant

First Claim

Patent Images

1. A continuous user authentication tool for near real-time electronic communications, comprising:

a mobile computing device associated with a trusted user, the mobile computing device including a pressure-sensitive touch screen and at least one processing unit coupled to non-transient memory and the pressure-sensitive touch screen, wherein the pressure-sensitive touch screen is configured to generate a signal representing keypad pressure applied by a user when depressing a character on a virtual keypad displayed on the touch screen;

a messaging application, stored in non-transient memory, that, when executed by the at least one processing unit, causes the at least one processing unit to transmit and receive near real-time electronic communications during a near real-time electronic communication session;

a trusted user profile stored in non-transient memory, the trusted user profile including data representing the keypad pressure applied by the trusted user when depressing one or more characters on the virtual keypad;

a continuous user authentication application, stored in non-transient memory, that, when executed by the at least one processing unit during a current near real-time electronic communication session, causes the at least one processing unit to;

continually monitor keypad pressure applied by a current user of the mobile device when depressing characters on the virtual keypad to type an electronic communication during the current electronic communication session,compare the monitored keypad pressure applied by the current user when depressing one or more specific characters on the virtual keypad to the trusted user profile data representing the keypad pressure applied by the trusted user to the specific one or more characters,generate a confidence score based upon the compared keypad pressures of the current user and the trusted user, the confidence score being indicative of the likelihood that the current user is the trusted user of the mobile device, andautomatically require the mobile device to re-authenticate the current user as the trusted user if the generated confidence score is below a predefined minimum confidence threshold.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user authentication tool continuously authenticates the user of a mobile device during an electronic communication session. A trusted user profile includes keypad pressure applied by the trusted user when depressing characters on a virtual keypad displayed on the mobile device touch screen. Keypad pressure applied by the current user of the mobile device is continually monitored during the current electronic communication session. The monitored keypad pressure applied by the current user is compared to the keypad pressure in the trusted user profile. A confidence score is generated based upon the compared keypad pressures of the current user and the trusted user, the confidence score being indicative of the likelihood that the current user is the trusted user of the mobile device. The mobile device is automatically required to re-authenticate the current user as the trusted user if the generated confidence score is below a predefined minimum confidence threshold.

Citations

20 Claims

1. A continuous user authentication tool for near real-time electronic communications, comprising:
- a mobile computing device associated with a trusted user, the mobile computing device including a pressure-sensitive touch screen and at least one processing unit coupled to non-transient memory and the pressure-sensitive touch screen, wherein the pressure-sensitive touch screen is configured to generate a signal representing keypad pressure applied by a user when depressing a character on a virtual keypad displayed on the touch screen;
  
  a messaging application, stored in non-transient memory, that, when executed by the at least one processing unit, causes the at least one processing unit to transmit and receive near real-time electronic communications during a near real-time electronic communication session;
  
  a trusted user profile stored in non-transient memory, the trusted user profile including data representing the keypad pressure applied by the trusted user when depressing one or more characters on the virtual keypad;
  
  a continuous user authentication application, stored in non-transient memory, that, when executed by the at least one processing unit during a current near real-time electronic communication session, causes the at least one processing unit to;
  
  continually monitor keypad pressure applied by a current user of the mobile device when depressing characters on the virtual keypad to type an electronic communication during the current electronic communication session,compare the monitored keypad pressure applied by the current user when depressing one or more specific characters on the virtual keypad to the trusted user profile data representing the keypad pressure applied by the trusted user to the specific one or more characters,generate a confidence score based upon the compared keypad pressures of the current user and the trusted user, the confidence score being indicative of the likelihood that the current user is the trusted user of the mobile device, andautomatically require the mobile device to re-authenticate the current user as the trusted user if the generated confidence score is below a predefined minimum confidence threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The continuous user authentication tool of claim 1, wherein the trusted user profile also includes keypad cadence data of the trusted user typing on the virtual keypad, the keypad cadence data including at least one of average typing speed, typing speed between various combinations of characters in a particular word or phrase, length of time required to type a particular word or phrase, length of time required to type a particular combination of characters in a particular word or phrase, and length of time that particular characters are depressed on the virtual keypad while typing a particular word or phrase;
    - andwherein the continuous user authentication application will further cause the at least one processing unit to;
      
      continually monitor keypad cadence data of the current user of the mobile device as the current user types an electronic communication on the virtual keypad during the current electronic communication session, andcompare the monitored keypad cadence data of the current user to keypad cadence data of the trusted user in the trusted user profile; and
      
      wherein the generated confidence score is also based upon the compared keypad cadence of the current user and the trusted user of the mobile device.
  - 3. The continuous user authentication tool of claim 1, wherein the trusted user profile also includes data representing characteristics of spelling, grammar and phrasing of the trusted user typing on the virtual keypad;
    - andwherein the continuous user authentication application will further cause the at least one processing unit to;
      
      continually monitor characteristics of spelling, grammar and phrasing of the current user of the mobile device as the current user types an electronic communication on the virtual keypad during the current electronic communication session, andcompare the monitored characteristics of spelling, grammar and phrasing of the current user to the trusted user profile data representing characteristics of spelling, grammar and phrasing of the trusted user; and
      
      wherein the generated confidence score is also based upon the compared characteristics of spelling, grammar and phrasing of the current user and the trusted user of the mobile device.
  - 4. The continuous user authentication tool of claim 1, wherein the trusted user profile also includes data representing patterns of messaging by the trusted user based on geographic location of the mobile device;
    - andwherein the continuous user authentication application will further cause the at least one processing unit to;
      
      continually monitor the current location of the mobile device during the current electronic communication session, andcompare the monitored current location of the mobile device to the trusted user profile data representing patterns of messaging by the trusted user based on geographic location of the mobile device; and
      
      wherein the generated confidence score is also based upon the comparison of the current location of the mobile device to the patterns of messaging by the trusted user based on geographic location of the mobile device.
  - 5. The continuous user authentication tool of claim 4, wherein the patterns of messaging by the trusted user based on geographic location include the location of the mobile device at a particular time and/or day.
  - 6. The continuous user authentication tool of claim 1, wherein the trusted user profile also includes data representing patterns of messaging by the trusted user when the mobile device is moving and when the mobile device is stationary;
    - andwherein the continuous user authentication application will further cause the at least one processing unit to;
      
      continually monitor current acceleration of the mobile device to determine whether the mobile device moving or stationary during the current electronic communication session, andcompare the monitored current acceleration of the mobile device to the trusted user profile data representing patterns of messaging by the trusted user when the mobile device is moving or stationary; and
      
      wherein the generated confidence score is also based upon the comparison of the monitored current acceleration of the mobile device to the patterns of messaging by the trusted user when the mobile device is moving or stationary.
  - 7. The continuous user authentication tool of claim 6, wherein the patterns of messaging by the trusted user when the mobile device is moving or stationary include the time and/or day.
  - 8. The continuous user authentication tool of claim 1, further comprising:
    - at least one biometric sensor configured to receive biometric identification data from the current user of the mobile device, andwherein re-authentication of the current user as the trusted user of the mobile device is successful when the received biometric identification data matches biometric identification data of the trusted user stored in non-transitory memory.
  - 9. The continuous user authentication tool of claim 8, wherein the biometric identification data comprises at least one of fingerprint data, face data, voice data, iris data, retina data, and signature data.
  - 10. The continuous user authentication tool of claim 8, wherein, if the re-authentication of the current user is not successful, the continuous user authentication application will further cause the at least one processing unit to perform at least one of:
    - transmit a warning message over a network to computing devices of other participants in the current near real-time electronic communication session that the current user is not the trusted user of the mobile device; and
      
      terminate the current near real-time electronic communication session.
  - 11. The continuous user authentication tool of claim 1, wherein the near real-time electronic communication is an SMS message, MMS message, EMS message, IM message, or IRC message.

12. A computer-implemented method for continuously authenticating a user of a mobile device during a near real-time electronic communication session, comprising:
- storing, using at least one processing unit operatively coupled to non-transient memory, a profile of a trusted user of the mobile device in non-transient memory, the trusted user profile including data representing keypad pressure applied by the trusted user when depressing one or more characters on a virtual keypad displayed on a pressure-sensitive touch screen of the mobile device;
  
  continually monitoring, using the at least one processing unit, keypad pressure applied by a current user of the mobile device when depressing characters on the virtual keypad to type an electronic communication during a current near real-time electronic communication session;
  
  comparing, using the at least one processing unit, the monitored keypad pressure applied by the current user when depressing one or more specific characters on the virtual keypad to the trusted user profile data representing the keypad pressure applied by the trusted user to the specific one or more characters;
  
  generating, using the at least one processing unit, a confidence score based upon the compared keypad pressures of the current user and the trusted user, the confidence score being indicative of the likelihood that the current user is the trusted user of the mobile device; and
  
  automatically requiring, using the at least one processing unit, the mobile device to re-authenticate the current user as the trusted user if the generated confidence score is below a predefined minimum confidence threshold.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The computer-implemented method of claim 12, further comprising:
    - storing in the trusted user profile, using the at least one processing unit, keypad cadence data of the trusted user typing on the virtual keypad;
      
      continually monitoring, using the at least one processing unit, keypad cadence data of the current user of the mobile device as the current user types an electronic communication on the virtual keypad during the current electronic communication session; and
      
      comparing, using the at least one processing unit, the monitored keypad cadence data of the current user to keypad cadence data of the trusted user in the trusted user profile;
      
      wherein the keypad cadence data includes at least one of average typing speed, typing speed between various combinations of characters in a particular word or phrase, length of time required to type a particular word or phrase, length of time required to type a particular combination of characters in a particular word or phrase, and length of time that particular characters are depressed on the virtual keypad while typing a particular word or phrase,wherein the generated confidence score is also based upon the compared keypad cadence of the current user and the trusted user of the mobile device.
  - 14. The computer-implemented method of claim 12, further comprising:
    - storing in the trusted user profile, using the at least one processing unit, data representing characteristics of spelling, grammar and phrasing of the trusted user typing on the virtual keypad;
      
      continually monitoring, using the at least one processing unit, characteristics of spelling, grammar and phrasing of the current user of the mobile device as the current user types an electronic communication on the virtual keypad during the current electronic communication session; and
      
      comparing, using the at least one processing unit, the monitored characteristics of spelling, grammar and phrasing of the current user to the trusted user profile data representing characteristics of spelling, grammar and phrasing of the trusted user,wherein the generated confidence score is also based upon the compared characteristics of spelling, grammar and phrasing of the current user and the trusted user of the mobile device.
  - 15. The computer-implemented method of claim 12, further comprising:
    - storing in the trusted user profile, using the at least one processing unit, data representing patterns of messaging by the trusted user based on geographic location of the mobile device;
      
      continually monitoring, using the at least one processing unit, the current location of the mobile device during the current electronic communication session; and
      
      comparing, using the at least one processing unit, the monitored current location of the mobile device to the trusted user profile data representing patterns of messaging by the trusted user based on geographic location of the mobile device,wherein the generated confidence score is also based upon the comparison of the current location of the mobile device to the patterns of messaging by the trusted user based on geographic location of the mobile device.
  - 16. The computer-implemented method of claim 12, further comprising:
    - storing in the trusted user profile, using the at least one processing unit, data representing patterns of messaging by the trusted user when the mobile device is moving and when the mobile device is stationary;
      
      continually monitoring, using the at least one processing unit, current acceleration of the mobile device to determine whether the mobile device moving or stationary during the current electronic communication session; and
      
      comparing, using the at least one processing unit, the monitored current acceleration of the mobile device to the trusted user profile data representing patterns of messaging by the trusted user when the mobile device is moving or stationary,wherein the generated confidence score is also based upon the comparison of the monitored current acceleration of the mobile device to the patterns of messaging by the trusted user when the mobile device is moving or stationary.
  - 17. The computer-implemented method of claim 12, further comprising:
    - storing in the trusted user profile, using the at least one processing unit, biometric identification data of the trusted user;
      
      receiving, from at least one biometric sensor operably coupled to the at least one processing unit, biometric identification data from the current user of the mobile device;
      
      comparing, using the at least one processing unit, the received biometric identification data of the current user to the biometric identification data of the trusted user stored in the user profile; and
      
      re-authenticating, using the at least one processing unit, the current user as the trusted user of the mobile device if the received biometric identification data of the current user matches the biometric identification data of the trusted user.
  - 18. The computer-implemented method of claim 17, wherein the biometric identification data comprises at least one of fingerprint data, face data, voice data, iris data, retina data, and signature data.
  - 19. The computer-implemented method of claim 17, wherein, if the received biometric identification data of the current user fails to match the biometric identification data of the trusted user, the method further comprises at least one of:
    - transmitting, using the at least one processing unit, a warning message over a network to computing devices of other participants in the current near real-time electronic communication session that the current user is not the trusted user of the mobile device; and
      
      terminating, using the at least one processing unit, the current near real-time electronic communication session.
  - 20. The computer-implemented method of claim 12, wherein the near real-time electronic communication is an SMS message, MMS message, EMS message, IM message, or IRC message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Blake, William H., Schaefer, Jeffrey D., Boss, Gregory J., Childress, Rhonda L., Lemke, William A., McConnell, Kevin C.
Primary Examiner(s)
Rampuria, Sharad
Assistant Examiner(s)
Bassinan, Obidon

Application Number

US14/986,674
Time in Patent Office

192 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/0861   using biometrical features,...

H04L 67/04   specially adapted for termi...

H04L 67/12   specially adapted for propr...

H04L 67/306   User profiles

H04L 67/52   specially adapted for the l...

H04L 67/535   Tracking the activity of th...

H04M 1/72436   for text messaging, e.g. sh...

H04M 1/72457   according to geographic loc...

H04W 12/065   Continuous authentication

H04W 12/68   Gesture-dependent or behavi...

H04W 4/029   Location-based management o...

H04W 8/183   Processing at user equipmen...

Continuous user authentication tool for mobile device communications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Continuous user authentication tool for mobile device communications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links