Methods and systems for using behavioral analysis towards efficient continuous authentication

US 9,684,775 B2
Filed: 10/15/2014
Issued: 06/20/2017
Est. Priority Date: 10/15/2014
Status: Active Grant

First Claim

Patent Images

1. A method of performing multifactor user authentication in a computing device, comprising:

monitoring, via a processor of the computing device, an activity of a software application operating on the computing device to collect behavior information;

using the collected behavior information to generate a behavior vector that characterizes the monitored activity of the software application;

applying the generated behavior vector to a classifier model to generate an analysis result;

using the generated analysis result to compute at least one value, the computed at least one value including one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value;

using the computed at least one value to determine a number of authentication factors that are to be evaluated when authenticating a user of the computing device;

using the computed at least one value to determine which authentication factor to use for each of the number of authentication factors that are to be evaluated when authenticating the user of the computing device; and

authenticating the user by evaluating the determined number of the determined authentication factors.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device processor may be configured with processor-executable instructions to implement methods of using behavioral analysis and machine learning techniques to identify, prevent, correct, and/or otherwise respond to malicious or performance-degrading behaviors of the computing device. As part of these operations, the processor may perform multifactor authentication operations that include determining one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value, using the one or more of these values to determine a number of authentication factors that are be evaluated when authenticating a user of the computing device, and authenticating the user by evaluating the determined number of authentication factors.

23 Citations

View as Search Results

24 Claims

1. A method of performing multifactor user authentication in a computing device, comprising:
- monitoring, via a processor of the computing device, an activity of a software application operating on the computing device to collect behavior information;
  
  using the collected behavior information to generate a behavior vector that characterizes the monitored activity of the software application;
  
  applying the generated behavior vector to a classifier model to generate an analysis result;
  
  using the generated analysis result to compute at least one value, the computed at least one value including one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value;
  
  using the computed at least one value to determine a number of authentication factors that are to be evaluated when authenticating a user of the computing device;
  
  using the computed at least one value to determine which authentication factor to use for each of the number of authentication factors that are to be evaluated when authenticating the user of the computing device; and
  
  authenticating the user by evaluating the determined number of the determined authentication factors.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - monitoring hardware and software systems of the computing device to determine the computing device'"'"'s current vulnerability to unauthorized use.
  - 3. The method of claim 1, wherein applying the behavior vector to the classifier model to generate the analysis result comprises applying the behavior vector to a model of critical activity to generate the analysis result.
  - 4. The method of claim 3, wherein applying the behavior vector to the model of critical activity to generate the analysis result comprises:
    - applying a multi-dimension vector data structure to the model of critical activity to generate the analysis result.
  - 5. The method of claim 1, further comprising monitoring hardware and software systems of the computing device to learn over time a distinct way in which the user interacts with the computing device, wherein authenticating the user by evaluating the determined number of the determined authentication factors comprises determining whether a behavior of the software application is consistent with the distinct way in which the user interacts with the computing device.
  - 6. The method of claim 1, wherein using the computed at least one value to determine the number of authentication factors that are to be evaluated when authenticating the user of the computing device further comprises:
    - performing passive authentication operations to authenticate the user without requiring express user interaction;
      
      determining a passive authentication confidence value that identifies the computing device'"'"'s level of confidence in an accuracy of the passive authentication operations;
      
      determining a criticality level value that identifies an importance or criticality of the software application operating on the computing device;
      
      comparing the passive authentication confidence value to the criticality level value to generate a comparison result that identifies whether a level of confidence in the passive authentication outweighs a level of criticality; and
      
      using the generated comparison result to determine the number of authentication factors that are be evaluated when authenticating the user of the computing device.

7. A computing device, comprising:
- a memory;
  
  a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations comprising;
  
  monitoring an activity of a software application operating on the computing device to collect behavior information;
  
  using the collected behavior information to generate a behavior vector that characterizes the monitored activity of the software application;
  
  applying the generated behavior vector to a classifier model to generate an analysis result;
  
  using the generated analysis result to compute at least one value, the computed at least one value including one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value;
  
  using the computed at least one value to determine a number of authentication factors that are to be evaluated when authenticating a user of the computing device;
  
  using the computed at least one value to determine which authentication factor to use for each of the number of authentication factors that are to be evaluated when authenticating the user of the computing device; and
  
  authenticating the user by evaluating the determined number of the determined authentication factors.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computing device of claim 7, wherein the processor is configured with processor-executable instructions to perform operations further comprising monitoring hardware and software systems to determine the computing device'"'"'s current vulnerability to unauthorized use.
  - 9. The computing device of claim 7, wherein the processor is configured with processor-executable instructions to perform operations such that applying the behavior vector to the classifier model to generate the analysis result comprises:
    - applying the behavior vector to a model of critical activity to generate the analysis result.
  - 10. The computing device of claim 9, wherein the processor is configured with processor-executable instructions to perform operations such that applying the behavior vector to the model of critical activity to generate the analysis result comprises:
    - applying a multi-dimension vector data structure to the model of critical activity to generate the analysis result.
  - 11. The computing device of claim 7, wherein:
    - the processor is configured with processor-executable instructions to perform operations further comprising monitoring hardware and software systems of the computing device to learn over time a distinct way in which the user interacts with the computing device; and
      
      the processor is configured with processor-executable instructions to perform operations such that authenticating the user by evaluating the determined number of the determined authentication factors comprises determining whether a behavior of the software application is consistent with the distinct way in which the user interacts with the computing device.
  - 12. The computing device of claim 7, wherein the processor is configured with processor-executable instructions to perform operations such that using the computed at least one value to determine the number of authentication factors that are to be evaluated when authenticating the user of the computing device further comprises:
    - performing passive authentication operations to authenticate the user without requiring express user interaction;
      
      determining a passive authentication confidence value that identifies the computing device'"'"'s level of confidence in an accuracy of the passive authentication operations;
      
      determining a criticality level value that identifies an importance or criticality of the software application operating on the computing device;
      
      comparing the passive authentication confidence value to the criticality level value to generate a comparison result that identifies whether a level of confidence in the passive authentication outweighs a level of criticality; and
      
      using the generated comparison result to determine the number of authentication factors that are be evaluated when authenticating the user of the computing device.

13. A non-transitory computer readable storage medium having stored thereon processor-executable software instructions configured to cause a processor of a computing device to perform operations, comprising:
- monitoring an activity of a software application operating on the computing device to collect behavior information;
  
  using the collected behavior information to generate a behavior vector that characterizes the monitored activity of the software application;
  
  applying the generated behavior vector to a classifier model to generate an analysis result;
  
  using the generated analysis result to compute at least one value, the computed at least one value including one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value;
  
  using the computed at least one value to determine a number of authentication factors that are to be evaluated when authenticating a user of the computing device;
  
  using the computed at least one value to determine which authentication factor to use for each of the number of authentication factors that are to be evaluated when authenticating the user of the computing device; and
  
  authenticating the user by evaluating the determined number of the determined authentication factors.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer readable storage medium of claim 13, wherein the stored processor-executable software instructions are configured to cause a processor to perform operations further comprising:
    - monitoring hardware and software systems to determine the computing device'"'"'s current vulnerability to unauthorized use.
  - 15. The non-transitory computer readable storage medium of claim 13, wherein the stored processor-executable software instructions are configured to cause a processor to perform operations such that applying the behavior vector to the classifier model to generate the analysis result comprises applying the behavior vector to a model of critical activity to generate the analysis result.
  - 16. The non-transitory computer readable storage medium of claim 15, wherein the stored processor-executable software instructions are configured to cause a processor to perform operations such that applying the behavior vector to the model of critical activity to generate the analysis result comprises applying a multi-dimension vector data structure to the model of critical activity to generate the analysis result.
  - 17. The non-transitory computer readable storage medium of claim 13, wherein:
    - the stored processor-executable software instructions are configured to cause a processor to perform operations further comprising monitoring hardware and software systems of the computing device to learn over time a distinct way in which the user interacts with the computing device; and
      
      the stored processor-executable software instructions are configured to cause a processor to perform operations such that authenticating the user by evaluating the determined number of the determined authentication factors comprises determining whether a behavior of the software application is consistent with the distinct way in which the user interacts with the computing device.
  - 18. The non-transitory computer readable storage medium of claim 13, wherein the stored processor-executable software instructions are configured to cause a processor to perform operations such that using the computed at least one value to determine the number of authentication factors that are to be evaluated when authenticating the user of the computing device further comprises:
    - performing passive authentication operations to authenticate the user without requiring express user interaction;
      
      determining a passive authentication confidence value that identifies the computing device'"'"'s level of confidence in an accuracy of the passive authentication operations;
      
      determining a criticality level value that identifies an importance or criticality of the software application operating on the computing device;
      
      comparing the passive authentication confidence value to the criticality level value to generate a comparison result that identifies whether a level of confidence in the passive authentication outweighs a level of criticality; and
      
      using the generated comparison result to determine the number of authentication factors that are be evaluated when authenticating the user of the computing device.

19. A computing device, comprising:
- means for monitoring an activity of a software application operating on the computing device to collect behavior information;
  
  means for using the collected behavior information to generate a behavior vector that characterizes the monitored activity of the software application;
  
  means for applying the generated behavior vector to a classifier model to generate an analysis result;
  
  means for using the generated analysis result to compute at least one value, the computed at least one value including one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value;
  
  means for using the computed at least one value to determine a number of authentication factors that are to be evaluated when authenticating a user of the computing device;
  
  means for using the computed at least one value to determine which authentication factor to use for each of the number of authentication factors that are to be evaluated when authenticating the user of the computing device; and
  
  means for authenticating the user by evaluating the determined number of the determined authentication factors.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The computing device of claim 19, further comprising means for monitoring hardware and software systems to determine the computing device'"'"'s current vulnerability to unauthorized use.
  - 21. The computing device of claim 19, wherein means for applying the behavior vector to the classifier model to generate the analysis result comprises means for applying the behavior vector to a model of critical activity to generate the analysis result.
  - 22. The computing device of claim 21, wherein means for applying the behavior vector to the model of critical activity to generate the analysis result comprises means for applying a multi-dimension vector data structure to the model of critical activity to generate the analysis result.
  - 23. The computing device of claim 19, further comprising means for monitoring hardware and software systems of the computing device to learn over time a distinct way in which the user interacts with the computing device, wherein means for authenticating the user by evaluating the determined number of the determined authentication factors comprises means for determining whether a behavior of the software application is consistent with the distinct way in which the user interacts with the computing device.
  - 24. The computing device of claim 19, wherein means for using the computed at least one value to determine the number of authentication factors that are to be evaluated when authenticating the user of the computing device further comprises:
    - means for performing passive authentication operations to authenticate the user without requiring express user interaction;
      
      means for determining a passive authentication confidence value that identifies the computing device'"'"'s level of confidence in an accuracy of the passive authentication operations;
      
      means for determining a criticality level value that identifies an importance or criticality of the software application operating on the computing device;
      
      means for comparing the passive authentication confidence value to the criticality level value to generate a comparison result that identifies whether a level of confidence in the passive authentication outweighs a level of criticality; and
      
      means for using the generated comparison result to determine the number of authentication factors that are be evaluated when authenticating the user of the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Patne, Satyajit Prabhakar, Gupta, Rajarshi
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
MEJIA, FELICIANO S

Application Number

US14/514,662
Publication Number

US 20160110528A1
Time in Patent Office

979 Days
Field of Search

726 4- 5, 726 19, 726 21- 22
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/67   Risk-dependent, e.g. select...

H04W 12/68   Gesture-dependent or behavi...

Methods and systems for using behavioral analysis towards efficient continuous authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for using behavioral analysis towards efficient continuous authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links