Multi-granular authentication techniques

US 9,407,754 B1
Filed: 02/13/2015
Issued: 08/02/2016
Est. Priority Date: 02/13/2015
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user of a mobile device, the method comprising:

generating a first profile and second profile of user behavior for an authorized user of the mobile device, the first profile comprising a first type of profile having at least a first duration and comprising information indicative of expected behavior of the authorized user over at least the first duration, the second profile comprising a second type of profile having a second duration that is shorter than the first duration and comprising information indicative of expected behavior of the authorized user over at least the second duration;

monitoring user behavior to generate usage behavior data;

comparing the usage behavior data to the first profile and the second profile;

performing a first type of authentication action responsive to the usage behavior data deviating from the first profile; and

performing a second type of authentication action responsive to the usage behavior data deviating from the second profile.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for authenticating a user of a mobile device at a computing platform are provided. A method according to these techniques includes generating a first profile and second profile of user behavior for the user of the mobile device, the first profile comprising a first type of profile having at least a first duration and the second profile comprising a second type of profile having a second duration that is shorter than the first duration, monitoring user behavior to generate usage behavior data, comparing the usage behavior data to the first profile and the second profile, performing a first type of authentication action responsive to the usage behavior data deviating from the first profile, and performing a second type of authentication action responsive to the usage behavior data deviating from the second profile.

Citations

33 Claims

1. A method for authenticating a user of a mobile device, the method comprising:
- generating a first profile and second profile of user behavior for an authorized user of the mobile device, the first profile comprising a first type of profile having at least a first duration and comprising information indicative of expected behavior of the authorized user over at least the first duration, the second profile comprising a second type of profile having a second duration that is shorter than the first duration and comprising information indicative of expected behavior of the authorized user over at least the second duration;
  
  monitoring user behavior to generate usage behavior data;
  
  comparing the usage behavior data to the first profile and the second profile;
  
  performing a first type of authentication action responsive to the usage behavior data deviating from the first profile; and
  
  performing a second type of authentication action responsive to the usage behavior data deviating from the second profile.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein monitoring the user behavior to generate the usage behavior data comprises monitoring the user behavior while the mobile device is in a sleep state.
  - 3. The method of claim 1, wherein performing the first type of authentication action or the second type of authentication action comprises performing an authentication procedure which locks the mobile device until an authentication input is received by the mobile device.
  - 4. The method of claim 3, wherein performing the first type of authentication action comprises performing a strong authentication procedure which locks the mobile device until a strong authentication input is received by the mobile device, the strong authentication input being different from the authentication input required in the second type of authentication action.
  - 5. The method of claim 1, wherein generating the second profile comprises:
    - collecting user-related data for a predetermined period of time at the mobile device during a training period; and
      
      generating the second profile based on the user-related data.
  - 6. The method of claim 1, wherein generating the first profile comprises:
    - collecting user-related data at the mobile device during a training period; and
      
      generating the first profile based on the user-related data.
  - 7. The method of claim 1, wherein performing the second type of authentication action comprises:
    - determining an authentication action associated with the user behavior;
      
      receiving an authentication input based on the authentication action; and
      
      determining whether the authentication input satisfies requirements of the authentication action.
  - 8. The method of claim 1, wherein performing the first type of authentication action comprises:
    - determining a strong authentication action associated with the user behavior;
      
      receiving an authentication input based on the strong authentication action; and
      
      determining whether the authentication input satisfies requirements of the strong authentication action.
  - 9. The method of claim 1, further comprising:
    - refining the first profile based at least in part on the usage behavior data.

10. An apparatus comprising:
- means for generating a first profile and second profile of user behavior for an authorized user of the mobile device, the first profile comprising a first type of profile having at least a first duration and comprising information indicative of expected behavior of the authorized user over at least the first duration, the second profile comprising a second type of profile having a second duration that is shorter than the first duration and comprising information indicative of expected behavior of the authorized user over at least the second duration;
  
  means for monitoring user behavior to generate usage behavior data;
  
  means for comparing the usage behavior data to the first profile and the second profile;
  
  means for performing a first type of authentication action responsive to the usage behavior data deviating from the first profile; and
  
  means for performing a second type of authentication action responsive to the usage behavior data deviating from the second profile.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The apparatus of claim 10, wherein the means for monitoring the user behavior to generate the usage behavior data comprises means for monitoring the user behavior while the mobile device is in a sleep state.
  - 12. The apparatus of claim 10, wherein the means for performing the first type of authentication action or the second type of authentication action comprises means for performing an authentication procedure which locks the mobile device until an authentication input is received by the mobile device.
  - 13. The apparatus of claim 12, wherein the means for performing the first type of authentication action comprises means for performing a strong authentication procedure which locks the mobile device until a strong authentication input is received by the mobile device, the strong authentication input being different from the authentication input required in the second type of authentication action.
  - 14. The apparatus of claim 10, wherein the means for generating the second profile comprises:
    - means for collecting user-related data for a predetermined period of time at the mobile device during a training period; and
      
      means for generating the second profile based on the user-related data.
  - 15. The apparatus of claim 10, wherein the means for generating the first profile comprises:
    - means for collecting user-related data at the mobile device during a training period; and
      
      means for generating the first profile based on the user-related data.
  - 16. The apparatus of claim 10, wherein the means for performing the second type of authentication action comprises:
    - means for determining an authentication action associated with the user behavior;
      
      means for receiving an authentication input based on the authentication action; and
      
      means for determining whether the authentication input satisfies requirements of the authentication action.
  - 17. The apparatus of claim 10, wherein the means for performing the first type of authentication action comprises:
    - means for determining a strong authentication action associated with the user behavior;
      
      means for receiving an authentication input based on the strong authentication action; and
      
      means for determining whether the authentication input satisfies requirements of the strong authentication action.

18. A computing device comprising:
- a processor configured to;
  
  generate a first profile and second profile of user behavior for an authorized user of the mobile device, the first profile comprising a first type of profile having at least a first duration and comprising information indicative of expected behavior of the authorized user over at least the first duration, the second profile comprising a second type of profile having a second duration that is shorter than the first duration and comprising information indicative of expected behavior of the authorized user over at least the second duration;
  
  monitor user behavior to generate usage behavior data;
  
  compare the usage behavior data to the first profile and the second profile;
  
  perform a first type of authentication action responsive to the usage behavior data deviating from the first profile; and
  
  perform a second type of authentication action responsive to the usage behavior data deviating from the second profile.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The computing device of claim 18, wherein the processor is configured to monitor the user behavior while the mobile device is in a sleep state.
  - 20. The computing device of claim 18, wherein the processor being configured to perform the first type of authentication action or the second type of authentication action is configured to perform an authentication procedure which locks the mobile device until an authentication input is received by the mobile device.
  - 21. The computing device of claim 20, wherein the processor being configured to perform the first type of authentication action is configured to perform a strong authentication procedure which locks the mobile device until a strong authentication input is received by the mobile device, the strong authentication input being different from the authentication input required in the second type of authentication action.
  - 22. The computing device of claim 18, wherein the processor being configured to generate the second profile is configured to:
    - collect user-related data for a predetermined period of time at the mobile device during a training period; and
      
      generate the second profile based on the user-related data.
  - 23. The computing device of claim 18, wherein the processor being configured to generate the first profile is configured to:
    - collect user-related data at the mobile device during a training period; and
      
      generate the first profile based on the user-related data.
  - 24. The computing device of claim 18, wherein the processor being configured to perform the second type of authentication action is configured to:
    - determine an authentication action associated with the user behavior;
      
      receive an authentication input based on the authentication action; and
      
      determine whether the authentication input satisfies requirements of the authentication action.
  - 25. The computing device of claim 18, wherein the processor being configured to perform the first type of authentication action is configured to:
    - determine a strong authentication action associated with the user behavior;
      
      receive an authentication input based on the strong authentication action; and
      
      determine whether the authentication input satisfies requirements of the strong authentication action.

26. A non-transitory, computer-readable medium, having stored thereon computer-readable instructions for authenticating a user of a mobile device, comprising instructions configured to cause a computer to:
- generate a first profile and second profile of user behavior for an authorized user of the mobile device, the first profile comprising a first type of profile having at least a first duration and comprising information indicative of expected behavior of the authorized user over at least the first duration, the second profile comprising a second type of profile having a second duration that is shorter than the first duration and comprising information indicative of expected behavior of the authorized user over at least the second duration;
  
  monitor user behavior to generate usage behavior data;
  
  compare the usage behavior data to the first profile and the second profile;
  
  perform a first type of authentication action responsive to the usage behavior data deviating from the first profile; and
  
  perform a second type of authentication action responsive to the usage behavior data deviating from the second profile.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
- - 27. The non-transitory, computer-readable medium of claim 26, wherein the instructions configured to cause the computer to monitor the user behavior to generate the usage behavior data comprise instructions configured to cause the computer to monitor the user behavior while the mobile device is in a sleep state.
  - 28. The non-transitory, computer-readable medium of claim 26, wherein the instructions configured to cause the computer to perform the first type of authentication action or the second type of authentication action comprise instructions configured to cause the computer to perform an authentication procedure which locks the mobile device until an authentication input is received by the mobile device.
  - 29. The non-transitory, computer-readable medium of claim 28, wherein the instructions configured to cause the computer to perform the first type of authentication action comprise instructions configured to cause the computer to perform a strong authentication procedure which locks the mobile device until a strong authentication input is received by the mobile device, the strong authentication input being different from the authentication input required in the second type of authentication action.
  - 30. The non-transitory, computer-readable medium of claim 26, wherein the instructions configured to cause the computer to generate the second profile comprise instructions configured to cause the computer to:
    - collect user-related data for a predetermined period of time at the mobile device during a training period; and
      
      generate the second profile based on the user-related data.
  - 31. The non-transitory, computer-readable medium of claim 26, wherein the instructions configured to cause the computer to generate the second profile comprise instructions configured to cause the computer to:
    - collect user-related data at the mobile device during a training period; and
      
      generate the second profile based on the user-related data.
  - 32. The non-transitory, computer-readable medium of claim 26, wherein the instructions configured to cause the computer to perform the second type of authentication action responsive to the usage behavior data deviating from the second profile comprise instructions configured to cause the computer to:
    - determine an authentication action associated with the user behavior;
      
      receive an authentication input based on the authentication action; and
      
      determine whether the authentication input satisfies requirements of the authentication action.
  - 33. The non-transitory, computer-readable medium of claim 26, wherein the instructions configured to cause the computer to perform the first type of authentication action comprise instructions configured to cause the computer to:
    - determine a strong authentication action associated with the user behavior;
      
      receive an authentication input based on the strong authentication action; and
      
      determine whether the authentication input satisfies requirements of the strong authentication action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Benoit, Olivier Jean, Nithyanand, Rishab, Cammarota, Rosario, Palanigounder, Anand
Primary Examiner(s)
Doan, Kiet

Application Number

US14/622,742
Publication Number

US 20160241705A1
Time in Patent Office

536 Days
Field of Search

455/414.1, 455/556.2, 455/411, 455/412.1, 380/46, 380/270, 709/217, 709/219, 705/75, 705/26.5, 705/14.52, 705/80
US Class Current

1/1
CPC Class Codes

H04L 63/1425   Traffic logging, e.g. anoma...

H04M 1/724631   by limiting the access to t...

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

H04W 12/121   Wireless intrusion detectio...

H04W 12/30   Security of mobile devices;...

H04W 12/40   Security arrangements using...

H04W 12/63   Location-dependent; Proximi...

H04W 12/68   Gesture-dependent or behavi...

Multi-granular authentication techniques

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-granular authentication techniques

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links