Methods and systems for using behavioral analysis towards efficient continuous authentication
First Claim
1. A method of performing multifactor user authentication in a computing device, comprising:
- monitoring, via a processor of the computing device, an activity of a software application operating on the computing device to collect behavior information;
using the collected behavior information to generate a behavior vector that characterizes the monitored activity of the software application;
applying the generated behavior vector to a classifier model to generate an analysis result;
using the generated analysis result to compute at least one value, the computed at least one value including one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value;
using the computed at least one value to determine a number of authentication factors that are to be evaluated when authenticating a user of the computing device;
using the computed at least one value to determine which authentication factor to use for each of the number of authentication factors that are to be evaluated when authenticating the user of the computing device; and
authenticating the user by evaluating the determined number of the determined authentication factors.
1 Assignment
0 Petitions
Accused Products
Abstract
A computing device processor may be configured with processor-executable instructions to implement methods of using behavioral analysis and machine learning techniques to identify, prevent, correct, and/or otherwise respond to malicious or performance-degrading behaviors of the computing device. As part of these operations, the processor may perform multifactor authentication operations that include determining one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value, using the one or more of these values to determine a number of authentication factors that are be evaluated when authenticating a user of the computing device, and authenticating the user by evaluating the determined number of authentication factors.
23 Citations
24 Claims
-
1. A method of performing multifactor user authentication in a computing device, comprising:
-
monitoring, via a processor of the computing device, an activity of a software application operating on the computing device to collect behavior information; using the collected behavior information to generate a behavior vector that characterizes the monitored activity of the software application; applying the generated behavior vector to a classifier model to generate an analysis result; using the generated analysis result to compute at least one value, the computed at least one value including one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value; using the computed at least one value to determine a number of authentication factors that are to be evaluated when authenticating a user of the computing device; using the computed at least one value to determine which authentication factor to use for each of the number of authentication factors that are to be evaluated when authenticating the user of the computing device; and authenticating the user by evaluating the determined number of the determined authentication factors. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computing device, comprising:
-
a memory; a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations comprising; monitoring an activity of a software application operating on the computing device to collect behavior information; using the collected behavior information to generate a behavior vector that characterizes the monitored activity of the software application; applying the generated behavior vector to a classifier model to generate an analysis result; using the generated analysis result to compute at least one value, the computed at least one value including one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value; using the computed at least one value to determine a number of authentication factors that are to be evaluated when authenticating a user of the computing device; using the computed at least one value to determine which authentication factor to use for each of the number of authentication factors that are to be evaluated when authenticating the user of the computing device; and authenticating the user by evaluating the determined number of the determined authentication factors. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory computer readable storage medium having stored thereon processor-executable software instructions configured to cause a processor of a computing device to perform operations, comprising:
-
monitoring an activity of a software application operating on the computing device to collect behavior information; using the collected behavior information to generate a behavior vector that characterizes the monitored activity of the software application; applying the generated behavior vector to a classifier model to generate an analysis result; using the generated analysis result to compute at least one value, the computed at least one value including one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value; using the computed at least one value to determine a number of authentication factors that are to be evaluated when authenticating a user of the computing device; using the computed at least one value to determine which authentication factor to use for each of the number of authentication factors that are to be evaluated when authenticating the user of the computing device; and authenticating the user by evaluating the determined number of the determined authentication factors. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A computing device, comprising:
-
means for monitoring an activity of a software application operating on the computing device to collect behavior information; means for using the collected behavior information to generate a behavior vector that characterizes the monitored activity of the software application; means for applying the generated behavior vector to a classifier model to generate an analysis result; means for using the generated analysis result to compute at least one value, the computed at least one value including one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value; means for using the computed at least one value to determine a number of authentication factors that are to be evaluated when authenticating a user of the computing device; means for using the computed at least one value to determine which authentication factor to use for each of the number of authentication factors that are to be evaluated when authenticating the user of the computing device; and means for authenticating the user by evaluating the determined number of the determined authentication factors. - View Dependent Claims (20, 21, 22, 23, 24)
-
Specification